banload | aaf0e30255217a22cc244a75919e99227d11f7e92b0f6e474e93fddc8a1f7142

Analysis

max time kernel
85s
max time network
92s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2025, 19:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MouseSpeedSetup.exe
Size

7.3MB
MD5

0530d46a8be39eed7b0c613ab6182c82
SHA1

9a567aa4df2644010a7c0d97244ccbdf2be62def
SHA256

aaf0e30255217a22cc244a75919e99227d11f7e92b0f6e474e93fddc8a1f7142
SHA512

ed2dcec32a611f278d787a22ddc7145a1086d91d106276236922928128398ba780cd3b0764508635d039c7a3e0900c4e8e791badcf1d95606eb0a89e3245c65c
SSDEEP

98304:NkL4SowvA8okj4yklTsH3/CbmWLPcWqe3UnHzfJTwbESzfsYf6ugUM0NgkVxDl:+N9NDklTWWLUnTfbQi0Xvp

Score

10^/10

banload defense_evasion discovery downloader dropper persistence trojan

Malware Config

Signatures

Banload
Banload variants download malicious files, then install and execute the files.
trojan dropper downloader banload
Banload family
banload

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

defense_evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	mssLicChk.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	mssLicChk.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate	mssLicChk.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gpsMouseSpeed = "C:\\Program Files (x86)\\MouseSpeedSwitcher\\MouseSpeed.exe"	MouseSpeedSetup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\gpsMouseSpeed = "C:\\Program Files (x86)\\MouseSpeedSwitcher\\MouseSpeed.exe"	MouseSpeed.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
4324	MouseSpeed.exe
2036	MouseSpeed.exe
2036	MouseSpeed.exe
2036	MouseSpeed.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 25 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-HT509.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-DS9PI.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-QFKM0.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\is-T61O9.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\unins000.dat	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\is-KEAVS.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-TAL83.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-JVEIQ.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-SUP0N.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\is-O8COL.tmp	MouseSpeedSetup.tmp
File opened for modification	C:\Program Files (x86)\MouseSpeedSwitcher\mssLicChk.exe	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\is-BJV08.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-3G89K.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-VAH0D.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\is-CN65D.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\unins000.msg	MouseSpeedSetup.tmp
File opened for modification	C:\Program Files (x86)\MouseSpeedSwitcher\unins000.dat	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\is-AFP0V.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-3LBCG.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-S4B90.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-IC98M.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-1FH59.tmp	MouseSpeedSetup.tmp
File opened for modification	C:\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\is-48OJ0.tmp	MouseSpeedSetup.tmp
File created	C:\Program Files (x86)\MouseSpeedSwitcher\Help\Images\is-UOLKT.tmp	MouseSpeedSetup.tmp

Executes dropped EXE 4 IoCs

pid	Process
4732	MouseSpeedSetup.tmp
4324	MouseSpeed.exe
1120	mssLicChk.exe
2036	MouseSpeed.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MouseSpeedSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MouseSpeedSetup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MouseSpeed.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mssLicChk.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MouseSpeed.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000_Classes\{C9D08DF4-A71D-4D97-B2A4-072EA18F8C77}	MouseSpeed.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000_Classes\{C9D08DF4-A71D-4D97-B2A4-072EA18F8C77}\Hideadeby = 7a42674518fb8329407e2ab924fe56820827baff016c2006b8cc5022a195090a	MouseSpeed.exe
Key created	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000_Classes\{C9D08DF4-A71D-4D97-B2A4-072EA18F8C77}	MouseSpeed.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\InprocServer32\ = "C:\\Windows\\SysWOW64\\AuthFWGP.dll"	mssLicChk.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1161330783-2912525651-1278508834-1000_Classes\{C9D08DF4-A71D-4D97-B2A4-072EA18F8C77}\Hideadeby = 7a42674518fb8329407e2ab924fe56820827baff016c2006b8cc5022a195090a	MouseSpeed.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}	mssLicChk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\ = "Windows Defender Firewall with Advanced Security"	mssLicChk.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\InprocServer32	mssLicChk.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{8C60EF9F-E190-C5E7-CBDF-08F13EAA6576}\InprocServer32\ThreadingModel = "Apartment"	mssLicChk.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4732	MouseSpeedSetup.tmp
4732	MouseSpeedSetup.tmp

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2036	MouseSpeed.exe
Token: SeIncBasePriorityPrivilege	2036	MouseSpeed.exe
Token: 33	2036	MouseSpeed.exe
Token: SeIncBasePriorityPrivilege	2036	MouseSpeed.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
4732	MouseSpeedSetup.tmp
2036	MouseSpeed.exe
2036	MouseSpeed.exe
2036	MouseSpeed.exe
2036	MouseSpeed.exe

Suspicious use of SendNotifyMessage 4 IoCs

pid	Process
2036	MouseSpeed.exe
2036	MouseSpeed.exe
2036	MouseSpeed.exe
2036	MouseSpeed.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4324	MouseSpeed.exe
4324	MouseSpeed.exe
2036	MouseSpeed.exe
2036	MouseSpeed.exe
2036	MouseSpeed.exe
2036	MouseSpeed.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 896 wrote to memory of 4732	896	MouseSpeedSetup.exe	86
PID 896 wrote to memory of 4732	896	MouseSpeedSetup.exe	86
PID 896 wrote to memory of 4732	896	MouseSpeedSetup.exe	86
PID 4732 wrote to memory of 4324	4732	MouseSpeedSetup.tmp	97
PID 4732 wrote to memory of 4324	4732	MouseSpeedSetup.tmp	97
PID 4732 wrote to memory of 4324	4732	MouseSpeedSetup.tmp	97
PID 4732 wrote to memory of 1120	4732	MouseSpeedSetup.tmp	99
PID 4732 wrote to memory of 1120	4732	MouseSpeedSetup.tmp	99
PID 4732 wrote to memory of 1120	4732	MouseSpeedSetup.tmp	99
PID 4732 wrote to memory of 2036	4732	MouseSpeedSetup.tmp	101
PID 4732 wrote to memory of 2036	4732	MouseSpeedSetup.tmp	101
PID 4732 wrote to memory of 2036	4732	MouseSpeedSetup.tmp	101

C:\Users\Admin\AppData\Local\Temp\MouseSpeedSetup.exe
"C:\Users\Admin\AppData\Local\Temp\MouseSpeedSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:896
- C:\Users\Admin\AppData\Local\Temp\is-J2MB2.tmp\MouseSpeedSetup.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-J2MB2.tmp\MouseSpeedSetup.tmp" /SL5="$80062,6780985,832512,C:\Users\Admin\AppData\Local\Temp\MouseSpeedSetup.exe"
  2⤵
  - Adds Run key to start application
  - Drops file in Program Files directory
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:4732
- - C:\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe
    "C:\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe" /r
    3⤵
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:4324
- - C:\Program Files (x86)\MouseSpeedSwitcher\mssLicChk.exe
    "C:\Program Files (x86)\MouseSpeedSwitcher\mssLicChk.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:1120
- - C:\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe
    "C:\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe"
    3⤵
    - Adds Run key to start application
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:2036

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\MouseSpeedSwitcher\MouseSpeed.exe

Filesize
4.6MB

MD5
5b916619621b1495cac1e5e93a5d582f

SHA1
873dbe0f809cfb10de02b2d292eaad1ec86c46c5

SHA256
507044f90efdce52671938922ce67cdb0f384b3479175c3865ce5610d65405f6

SHA512
197e225a3d740846c2a2317318c25960f7ca0dde87e86f832a503539ef820dde9e6dd0e1a40a842e5a5c0b3f9ebd6ad420dc8a9aca44763bb7dffde948cc7cdb

Download Submit
C:\Program Files (x86)\MouseSpeedSwitcher\mssLicChk.exe

Filesize
1.8MB

MD5
8e22ee7bb869fa2ef45caf8695f3c97d

SHA1
076ed837cc049809199f0a538cc2eee1b165d01c

SHA256
76cb0884c52d0f0e1998a77eba76a3abdf8e23684715f594b83a47bcc4750f68

SHA512
08daf0c6b43f1cc9fcc77b5338de0f0d0e729af88178a88e4d4d8a79a2f3ac7564423ff02548a3e60b32328cfcf4eaa02543f07fe57597e49fb8b259c80b1c0b

Download Submit
C:\ProgramData\SysMeecheoCommon\aboobooheabegh.had

Filesize
32B

MD5
2f10bf333a6251407126629b85d93fbd

SHA1
473f7b9b524e1cd2cf759422054f3b14b8fe61b7

SHA256
f819b15d9cfb1dbdd81aca8acde7cc6602f2844c35be0042ba3a0d1886aee5ef

SHA512
92bf86a6db1ab3463c749e9197abc36497e180916605d3c1d456800e6dba03cc53e9ed3f87d0c17127342ff5d0c89bd57e7349568b86ddddd54e849c24a5eb77

Download Submit
C:\Users\Admin\AppData\Local\Temp\5BA66BE2

Filesize
14B

MD5
d853880fa6f3b52fcca5888ad97bf723

SHA1
65cc85049317977f67d2ea41505f58087c69591b

SHA256
9e77d5079990913bc8f362f447461233cb32850b4e1514e1d8beac80ea28eb2e

SHA512
d612e4ac94bc5c0e4243645aa4be063e9835df6ab8327e1319743b55ca07a1414e29f60f594f6a6de343aa0f8ab238543417fad75382e5fd143655e77e86e7a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-J2MB2.tmp\MouseSpeedSetup.tmp

Filesize
3.1MB

MD5
044b0f4a2bc68e5fce570f054fce47c2

SHA1
edaa03cbca1ad86deaaec84a8c0a91a81da46674

SHA256
3e3c194b5a92e8a6c4cda0c0081c0ccfda898dcf09abcb549e8fe5ed6a8e85bb

SHA512
d99c80b6f075c70d5a6a823e61df7ac5d5f73386a6d920cece71350e011fab1f468d74c89775ac44b38ed04be724e744e83be5bfb3e93d5d7c33491d589166a0

Download Submit
C:\Users\Admin\AppData\Roaming\MouseSpeedSwitcher\MouseSpeedSwitcher.log

Filesize
612B

MD5
0200a085626c600ae1967b6bff11f9fb

SHA1
d8d42250f82272f38bac02d44df3610e2fad99d2

SHA256
e8978c71b6eda5b8f92dd95b314d020d442b050113fea90fbedfdb071d8aa777

SHA512
791bd5f858d0a40614153820ecd89b02405855c1c27c12d499fa34cc4bb38b2869a930e6531eb5f5ae9d56805b18ecfb600fd9f203b3da7c170707960c8c5b02

Download Submit
C:\Users\Admin\AppData\Roaming\MouseSpeedSwitcher\MouseSpeedSwitcher.log

Filesize
1KB

MD5
444ac481954be4d53a565a430b5b84ac

SHA1
50103663e32ccf02b935f707f7525f65777819e0

SHA256
0ba992a70b4f8348f7a9012b169b866b9d15d58f3285435acf3fbc11ce111972

SHA512
8854803176e2b9dce9bd7103e33e921bcd38a90aba016c4b5148d00e6b52a811324b0e3b4920330b51178f8c79ef33447c96edff6ebc28539632b6d5fb842bb3

Download Submit
C:\Users\Admin\AppData\Roaming\MouseSpeedSwitcher\MouseSpeedSwitcher.log

Filesize
2KB

MD5
61e2b22b5dad8413b87a3e9c1e96cd4f

SHA1
fca2618e15ec3ab17960c0d1fbe92a3ea932880c

SHA256
5379ed81f55e01c6307f8b56a614996c00daa47958ef8ae719973d39f32f8e67

SHA512
20a248dbb875009238b3f3a7a6def2b064ad7f5df79c3ec0a66b594e373f010809366d42311923d88dd34e5d45247186cfbeb220b47f438952d24e0f1e62058a

Download Submit
C:\Users\Admin\AppData\Roaming\MouseSpeedSwitcher\MouseSpeedSwitcher.log

Filesize
3KB

MD5
9da528697d8abf33bcc4dfbbab316f7e

SHA1
7cd21695ab4afd392384ea91599100a005fcb8e1

SHA256
2c1081f2b53920715862e2f3fa413c809c9556c1c6b93ee412a7205645ec5405

SHA512
e4de2780e60dec1873a3c8b30b748a3013d4280975f9f45e71157166c58abc6e067a64758113b0da8894cd8609ae08aa518fe28f7f8d1924469c3afd164f58bd

Download Submit
C:\Users\Admin\AppData\Roaming\MouseSpeedSwitcher\MouseSpeedSwitcher.log

Filesize
4KB

MD5
1588eb9af21b4eb94f7f5e6072cff9dd

SHA1
4b9a347b6b79e8a86d9e8c2ee956f87e4074aa60

SHA256
be70ca9f5f1311808fab44f19c397f480c62c8ef4caef5544f1436973a26ebb2

SHA512
36f263c6edebe10593de953b92207920f0498089da18d3a85485c2718756bcd6168333559a5803cd511066e733bde38b42c1f91de3fb49bf7c141a918370e152

Download Submit
memory/896-133-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/896-8-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/896-2-0x0000000000401000-0x00000000004B7000-memory.dmp

Filesize
728KB

Download
memory/896-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1120-95-0x0000000000400000-0x0000000000604000-memory.dmp

Filesize
2.0MB

Download
memory/1120-102-0x00000000027F0000-0x00000000029E7000-memory.dmp

Filesize
2.0MB

Download
memory/1120-98-0x00000000027F0000-0x00000000029E7000-memory.dmp

Filesize
2.0MB

Download
memory/1120-210-0x0000000000400000-0x0000000000604000-memory.dmp

Filesize
2.0MB

Download
memory/2036-212-0x00000000003C0000-0x000000000162C000-memory.dmp

Filesize
18.4MB

Download
memory/2036-105-0x00000000003C0000-0x000000000162C000-memory.dmp

Filesize
18.4MB

Download
memory/2036-211-0x00000000003C0000-0x000000000162C000-memory.dmp

Filesize
18.4MB

Download
memory/4324-206-0x00000000003C0000-0x000000000162C000-memory.dmp

Filesize
18.4MB

Download
memory/4324-81-0x00000000003C0000-0x000000000162C000-memory.dmp

Filesize
18.4MB

Download
memory/4324-92-0x00000000003C0000-0x000000000162C000-memory.dmp

Filesize
18.4MB

Download
memory/4732-132-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4732-13-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4732-11-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4732-9-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4732-6-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4732-15-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4732-17-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4732-19-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download
memory/4732-88-0x0000000000400000-0x000000000071C000-memory.dmp

Filesize
3.1MB

Download