ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382

Analysis

max time kernel
149s
max time network
119s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
14/06/2024, 22:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe
Size

85KB
MD5

6e59fd3c3952e47c18275508e8c3a7ca
SHA1

87874346dbd3aa0eea3ca6c9a12ed1e8fcc96f52
SHA256

ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382
SHA512

1b910c73da7f2f2b82bfd17aa75ef3ea9cb795a6db93340bb67de9181f34fbb38628a0e6d576336f4ace0ee96a3ba6b001f71db1f76425e5eda454890dcec43c
SSDEEP

768:pBfc16GVRu1yK9fMnJG2V9dHS8EMapdwIT+lCCWxGuq8KsD5L6sKbAp3c4VvMyhC:pQ3SHuJV9N4BXguNKCOsLM4H5uw/a+q

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1984	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
3032	Logo1_.exe
2608	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe

Loads dropped DLL 6 IoCs

pid	Process
1984	cmd.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe
2584	WerFault.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Bibliography\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Document Parts\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Stationery\1033\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\SpiderSolitaire\ja-JP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\CPU.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Chess\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ka\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\it-IT\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\OneNote\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jre7\lib\zi\Africa\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.httpclient4.feature_3.9.1.v20140827-1444\META-INF\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\DVD Maker\Shared\DvdStyles\FlipPage\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VGX\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSTORE.EXE	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\pa\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\InfoPath.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\en-US\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\Mahjong\it-IT\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Excel.en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Server Extensions\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\DAO\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\de-DE\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.ui.themes_1.0.1.v20140819-1717\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\Office64.en-us\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\bin\jmc.exe	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ja\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\lg\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\Pipeline.v10.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Google\Update\Download\{8A69D345-D564-463C-AFF1-A69D9E530F96}\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolData\groove.net\Welcome Tool\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Setup Files\{AC76BA86-7AD7-1033-7B44-A90000000001}\Setup.exe	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\ECLIPSE\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Microsoft Games\More Games\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.babel.nls_eclipse_zh_4.4.0.v20140623020002\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\d3d9\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\ODeploy.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\it-IT\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\it\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\pt_BR\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Sounds\_desktop.ini	Logo1_.exe
File created	C:\Program Files\DVD Maker\Shared\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\RADIAL\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Office Setup Controller\PowerPoint.en-us\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\ja-JP\js\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\vDll.dll	Logo1_.exe
File created	C:\Windows\rundl132.exe	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe
File created	C:\Windows\Logo1_.exe	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2584	2608	WerFault.exe	31

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3032	Logo1_.exe
3032	Logo1_.exe
3032	Logo1_.exe
3032	Logo1_.exe
3032	Logo1_.exe
3032	Logo1_.exe
3032	Logo1_.exe
3032	Logo1_.exe
3032	Logo1_.exe
3032	Logo1_.exe

Suspicious use of WriteProcessMemory 29 IoCs

description	pid	Process	procid_target
PID 2012 wrote to memory of 1984	2012	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	28
PID 2012 wrote to memory of 1984	2012	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	28
PID 2012 wrote to memory of 1984	2012	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	28
PID 2012 wrote to memory of 1984	2012	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	28
PID 2012 wrote to memory of 3032	2012	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	29
PID 2012 wrote to memory of 3032	2012	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	29
PID 2012 wrote to memory of 3032	2012	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	29
PID 2012 wrote to memory of 3032	2012	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	29
PID 1984 wrote to memory of 2608	1984	cmd.exe	31
PID 1984 wrote to memory of 2608	1984	cmd.exe	31
PID 1984 wrote to memory of 2608	1984	cmd.exe	31
PID 1984 wrote to memory of 2608	1984	cmd.exe	31
PID 1984 wrote to memory of 2608	1984	cmd.exe	31
PID 1984 wrote to memory of 2608	1984	cmd.exe	31
PID 1984 wrote to memory of 2608	1984	cmd.exe	31
PID 3032 wrote to memory of 2556	3032	Logo1_.exe	32
PID 3032 wrote to memory of 2556	3032	Logo1_.exe	32
PID 3032 wrote to memory of 2556	3032	Logo1_.exe	32
PID 3032 wrote to memory of 2556	3032	Logo1_.exe	32
PID 2556 wrote to memory of 2568	2556	net.exe	34
PID 2556 wrote to memory of 2568	2556	net.exe	34
PID 2556 wrote to memory of 2568	2556	net.exe	34
PID 2556 wrote to memory of 2568	2556	net.exe	34
PID 2608 wrote to memory of 2584	2608	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	35
PID 2608 wrote to memory of 2584	2608	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	35
PID 2608 wrote to memory of 2584	2608	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	35
PID 2608 wrote to memory of 2584	2608	ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe	35
PID 3032 wrote to memory of 1176	3032	Logo1_.exe	21
PID 3032 wrote to memory of 1176	3032	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1176
- C:\Users\Admin\AppData\Local\Temp\ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe
  "C:\Users\Admin\AppData\Local\Temp\ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:2012
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$aD4A.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1984
  - - C:\Users\Admin\AppData\Local\Temp\ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe
      "C:\Users\Admin\AppData\Local\Temp\ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:2608
    - - C:\Windows\SysWOW64\WerFault.exe
        
        C:\Windows\SysWOW64\WerFault.exe -u -p 2608 -s 552
        5⤵
        Loads dropped DLL
        Program crash
        
        PID:2584
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:3032
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2556
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        
        PID:2568

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
254KB

MD5
e542b339816098a38ee16a176deaa93b

SHA1
de2fc07c7b251538956beb23b9a9ec238efd91a0

SHA256
2bdc58a31e8b85897d78c00f3dbe9ce524cc41481894cfa89d5c9f41f035e9b6

SHA512
711c2cb92dadad406fda87d71a634b9ee7fcc96d09a2e169b963e6b19cee6f6a21a07a1b517c62177fd9784cfb7aabe32f8d549172b092879a5ee1189954a377

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
474KB

MD5
6eabc463f8025a7e6e65f38cba22f126

SHA1
3e430ee5ec01c5509ed750b88d3473e7990dfe95

SHA256
cc8da3ecd355b519d81415d279ed037c725ba221bf323d250aa92ee2b2b88ca7

SHA512
c8fde7026ac8633403bbefee4b044457184388fb7343d8c46f5f7f272724227976bf485ea91da49e2a85dd0cfb73f260ac705d8007333dd3e5539fe5ed67e3ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$aD4A.bat

Filesize
721B

MD5
dc8a92b5ddeaa99320eee8e5399394de

SHA1
f8dee31d79c5416766f296e1ab1c30a85a588b87

SHA256
03aae9afb10238a27883391fe58a09d55105029c66f0b08cb9a714f4b130c1e9

SHA512
3ccfe1b9dabc68e3e68e3c77d3f04e5cfd73391ce9621666e67739a2eea25e93574d9cc19f27c52fce3d59098569ce14c331fa3c06a118ff2119da2b81175f63

Download Submit
C:\Users\Admin\AppData\Local\Temp\ce69f7ebecfebe50af437b063d7e5630400cff6af57a66535306bc8907b96382.exe.exe

Filesize
56KB

MD5
c463b700818ce76280712996e0e76cb2

SHA1
8d326ff84883861b94b1695f293bcb35545b7514

SHA256
01281dc3fd2aa9b95e9c8af2f485365ee4ee042305216366cd3ba30dde048a99

SHA512
93481218c4e87b2ee99c3ed3177e07886d537c0fada4fd1b40f59afc3010812beeee9ebeb37d77cfb6b9cb4242188461b4ba9991bcb6b90db28e77a8d94e4bc6

Download Submit
C:\Windows\Logo1_.exe

Filesize
29KB

MD5
523fd6c3e8adc537e86e5cba904beec7

SHA1
78f409b465ead7c142c1ba953f2e2ee672db3c46

SHA256
1e71cf4efa0319f39447c3b4de4ac944873f4fbf45e1a3a645625c95e23188b9

SHA512
49ef33615976771df5be42adf10651ff12b56b939d6bfbc7e0a4cf7d9896f8cd4d43071f39b399590519478c673a767e217c6ccb921a08689742be85744fe557

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2297530677-1229052932-2803917579-1000\_desktop.ini

Filesize
9B

MD5
03c36dbecb7f35761f80ba5fc5566da6

SHA1
159b7733006187467bda251a1bbb278c141dceb6

SHA256
85a53f5b976fb1c26ce14c31e93c1f68997d2d8b09ab9aa2b7e0d32b8e50ec3b

SHA512
fe573085d2abef34adcede2f89b1c2810875ab00ef9ba27a1d95ed1dbe93e182fc53d981901a0b8048dd4eb5fdc852b8f0e0c3a0e1a404cbbe70e13a7a14104a

Download Submit
memory/1176-38-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/2012-41-0x0000000000260000-0x0000000000296000-memory.dmp

Filesize
216KB

Download
memory/2012-16-0x0000000000260000-0x0000000000296000-memory.dmp

Filesize
216KB

Download
memory/2012-18-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2012-0-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/2012-17-0x0000000000260000-0x0000000000296000-memory.dmp

Filesize
216KB

Download
memory/2608-49-0x0000000074B3E000-0x0000000074B3F000-memory.dmp

Filesize
4KB

Download
memory/2608-31-0x0000000000B20000-0x0000000000B34000-memory.dmp

Filesize
80KB

Download
memory/2608-30-0x0000000074B3E000-0x0000000074B3F000-memory.dmp

Filesize
4KB

Download
memory/3032-55-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3032-48-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3032-101-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3032-107-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3032-856-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3032-1860-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3032-40-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3032-2461-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3032-3320-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3032-20-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download