465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20241010-en
resource tags

arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
submitted
31-10-2024 08:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe
Size

1.6MB
MD5

1606310132423f317a90ee2a01f048e9
SHA1

3a934793eaba1a632fab519a9f58ee2d1d6ebf7e
SHA256

465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4
SHA512

f6e6a8194fb0b6cbefc457db1b1f26461a6d4c8dda4c01b45ef82cf7749cc89a9f6c1978244e15794c59b4b618567994c4f8a27ffec8fa99f4e6c6335ecad9fc
SSDEEP

24576:77jjJRtwhWDEXmJFnJjw8a4HXz9iAQEqAm4Duiw60GFkgDLJrWBvO0yjm0n:777b9D9iiqAHJwFgDLJrwvo

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2488	cmd.exe

Executes dropped EXE 2 IoCs

pid	Process
2452	Logo1_.exe
2240	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe

Loads dropped DLL 1 IoCs

pid	Process
2488	cmd.exe

Enumerates connected drives 3 TTPs 21 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	Logo1_.exe
File opened (read-only)	\??\Q:	Logo1_.exe
File opened (read-only)	\??\N:	Logo1_.exe
File opened (read-only)	\??\L:	Logo1_.exe
File opened (read-only)	\??\H:	Logo1_.exe
File opened (read-only)	\??\X:	Logo1_.exe
File opened (read-only)	\??\V:	Logo1_.exe
File opened (read-only)	\??\U:	Logo1_.exe
File opened (read-only)	\??\O:	Logo1_.exe
File opened (read-only)	\??\J:	Logo1_.exe
File opened (read-only)	\??\I:	Logo1_.exe
File opened (read-only)	\??\G:	Logo1_.exe
File opened (read-only)	\??\Z:	Logo1_.exe
File opened (read-only)	\??\W:	Logo1_.exe
File opened (read-only)	\??\T:	Logo1_.exe
File opened (read-only)	\??\S:	Logo1_.exe
File opened (read-only)	\??\R:	Logo1_.exe
File opened (read-only)	\??\P:	Logo1_.exe
File opened (read-only)	\??\M:	Logo1_.exe
File opened (read-only)	\??\E:	Logo1_.exe
File opened (read-only)	\??\Y:	Logo1_.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Common Files\microsoft shared\Help\1036\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\MEDIA\OFFICE14\LINES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\RSSFeeds.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\p2\org.eclipse.equinox.p2.engine\profileRegistry\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.5\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\es-ES\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\Currency.Gadget\de-DE\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\include\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\VisualElements\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\de-DE\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\fr-FR\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\ja-JP\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.equinox.p2.rcp.feature_1.2.0.v20140523-0116\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\css\ui-lightness\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\MSOHTMED.EXE	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\WinMail.exe	Logo1_.exe
File created	C:\Program Files\Microsoft Games\Chess\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\plug_ins\VDKHome\ENU\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Help\en_US\Adobe Reader\9.0\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\sk\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\sk\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\css\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\VC\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\Web Folders\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.rjmx_5.5.0.165303\icons\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\am\LC_MESSAGES\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\eu\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\js\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\Groove\ToolBMPs\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\XML Files\Space Templates\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Uninstall Information\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Common Files\microsoft shared\TextConv\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\fr-FR\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\bn\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\ga\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\THEMES14\NETWORK\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\STARTUP\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows NT\Accessories\es-ES\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\locale\zh_CN\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\js\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\Bibliography\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveForms5\FormsStyles\Lime\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Microsoft Office\Office14\Groove\Certificates\Verisign\Components\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files (x86)\Windows Sidebar\Gadgets\Weather.Gadget\fr-FR\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Mozilla Firefox\browser\features\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\locale\ks_IN\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\ink\ja-JP\_desktop.ini	Logo1_.exe
File created	C:\Program Files\VideoLAN\VLC\lua\meta\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Common Files\microsoft shared\VSTA\8.0\_desktop.ini	Logo1_.exe
File created	C:\Program Files (x86)\Microsoft Office\Office14\BORDERS\_desktop.ini	Logo1_.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\MEIPreload\_desktop.ini	Logo1_.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\WidevineCdm\_platform_specific\win_x64\_desktop.ini	Logo1_.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\rundl132.exe	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe
File created	C:\Windows\Logo1_.exe	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe
File opened for modification	C:\Windows\rundl132.exe	Logo1_.exe
File created	C:\Windows\vDll.dll	Logo1_.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	net1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Logo1_.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2452	Logo1_.exe
2452	Logo1_.exe
2452	Logo1_.exe
2452	Logo1_.exe
2452	Logo1_.exe
2452	Logo1_.exe
2452	Logo1_.exe
2452	Logo1_.exe
2452	Logo1_.exe
2452	Logo1_.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 2324 wrote to memory of 2488	2324	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe	28
PID 2324 wrote to memory of 2488	2324	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe	28
PID 2324 wrote to memory of 2488	2324	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe	28
PID 2324 wrote to memory of 2488	2324	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe	28
PID 2324 wrote to memory of 2452	2324	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe	30
PID 2324 wrote to memory of 2452	2324	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe	30
PID 2324 wrote to memory of 2452	2324	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe	30
PID 2324 wrote to memory of 2452	2324	465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe	30
PID 2452 wrote to memory of 2496	2452	Logo1_.exe	31
PID 2452 wrote to memory of 2496	2452	Logo1_.exe	31
PID 2452 wrote to memory of 2496	2452	Logo1_.exe	31
PID 2452 wrote to memory of 2496	2452	Logo1_.exe	31
PID 2488 wrote to memory of 2240	2488	cmd.exe	33
PID 2488 wrote to memory of 2240	2488	cmd.exe	33
PID 2488 wrote to memory of 2240	2488	cmd.exe	33
PID 2488 wrote to memory of 2240	2488	cmd.exe	33
PID 2496 wrote to memory of 1920	2496	net.exe	34
PID 2496 wrote to memory of 1920	2496	net.exe	34
PID 2496 wrote to memory of 1920	2496	net.exe	34
PID 2496 wrote to memory of 1920	2496	net.exe	34
PID 2452 wrote to memory of 1192	2452	Logo1_.exe	21
PID 2452 wrote to memory of 1192	2452	Logo1_.exe	21

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:1192
- C:\Users\Admin\AppData\Local\Temp\465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe
  "C:\Users\Admin\AppData\Local\Temp\465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2324
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\$$a9627.bat
    3⤵
    - Deletes itself
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Users\Admin\AppData\Local\Temp\465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe
      "C:\Users\Admin\AppData\Local\Temp\465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe"
      4⤵
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      System Location Discovery: System Language Discovery
      PID:2240
- - C:\Windows\Logo1_.exe
    C:\Windows\Logo1_.exe
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - Drops file in Program Files directory
    - Drops file in Windows directory
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:2452
  - - C:\Windows\SysWOW64\net.exe
      net stop "Kingsoft AntiVirus Service"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2496
    - - C:\Windows\SysWOW64\net1.exe
        
        C:\Windows\system32\net1 stop "Kingsoft AntiVirus Service"
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdateCore.exe

Filesize
251KB

MD5
3d1572bb8bd0f47c8bae09ad1cd6d327

SHA1
1200b1b3f2404dcef74dfcf8affde5b605bc9114

SHA256
60aa8a96919888258a3b10447d91f4f83993e7fefbf9c7e32b21124c1cdfd262

SHA512
d7b7b18682e5f58e72b9d3a27c2d334c3db00e44a6b1faf1a765390356e8b20e69e4189e95487e56c3aca2710d761fecc069d764e73b64ea4ae6229f3460f9b0

Download Submit
C:\ProgramData\Package Cache\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}\vcredist_x64.exe

Filesize
471KB

MD5
4cfdb20b04aa239d6f9e83084d5d0a77

SHA1
f22863e04cc1fd4435f785993ede165bd8245ac6

SHA256
30ed17ca6ae530e8bf002bcef6048f94dba4b3b10252308147031f5c86ace1b9

SHA512
35b4c2f68a7caa45f2bb14b168947e06831f358e191478a6659b49f30ca6f538dc910fe6067448d5d8af4cb8558825d70f94d4bd67709aee414b2be37d49be86

Download Submit
C:\Users\Admin\AppData\Local\Temp\$$a9627.bat

Filesize
722B

MD5
0c6de7fefeb170faf3f4eaae51a5c7e8

SHA1
c187e84d8d27217b0f7ef3dd2080bc724803dc9b

SHA256
7da006b0f96f7774b0b17cadcf454e3bd4945a4a747469f3f171ac18f7517971

SHA512
6cc5e5f2e7544ad9533c32367b76cec2bfb4e2fec1cc8e5aa11b45cd236418c81ac7cd6c5848b55131bad9dd7ef871cfa7cbb5b9fe83920dc96bbb2f616611af

Download Submit
C:\Users\Admin\AppData\Local\Temp\465fc53fb7406b640565287a6c9b253ec523c4c1ac0e31b7d270b9e1959777c4.exe.exe

Filesize
1.6MB

MD5
dbef7929df17f21ec8427c6a5a98ca25

SHA1
7d059084c088f472db8e4e35f47082c4e18654cd

SHA256
66b0229295b9798d15a2e3d69cf59d021e26268c33bc5876a6cfe32f2e79f8b2

SHA512
01cafbe6c31a1666101d89cec8a7c7645fa0cc7656a7296f5dcaf63f6f3cca915d14d525d1aac4d49aa778c404882d98bdffec7f4a77fcce382f088b12a934b3

Download Submit
C:\Windows\rundl132.exe

Filesize
26KB

MD5
0a9fcb5422705ccc52b97a0f291ad9bc

SHA1
1464f8724a42524e5dc47483eb6288e9c34fec22

SHA256
85272876bcd6492a6bb54bfc95d2c4dc6d8cbee27dc11f7a60cad6620954a933

SHA512
f719785fecf4087ebd2ca0ff8ade00136472ab2b41dedcf3a9ecbb902f669c7449b395d0c92a9c2e6514dc48447c9eafaa54baf667f0050c42d212a08e632c3b

Download Submit
F:\$RECYCLE.BIN\S-1-5-21-2039016743-699959520-214465309-1000\_desktop.ini

Filesize
10B

MD5
688d58fa5756a393f9472937ef284c25

SHA1
18ee07a5ee8de4fbd046763cd4a55ef2e6c3f808

SHA256
e21f27bdf2d90c77d75658b5217d5af4519a6c1bfc326a109eb4a085a2b83302

SHA512
c84930eb323c71ffc1edac543a2f60e366de40b39a88b18dba09c1272fae0b12262f4fae496bc9546598507fc37729d829f93b101bbec4739a05be33e0010a3f

Download Submit
memory/1192-31-0x0000000002E10000-0x0000000002E11000-memory.dmp

Filesize
4KB

Download
memory/2324-18-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2324-12-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2324-17-0x0000000000220000-0x0000000000254000-memory.dmp

Filesize
208KB

Download
memory/2324-0-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2452-33-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2452-40-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2452-46-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2452-92-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2452-99-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2452-313-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2452-1875-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2452-3335-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download
memory/2452-20-0x0000000000400000-0x0000000000434000-memory.dmp

Filesize
208KB

Download