darkcomet | 2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be

Analysis

max time kernel
150s
max time network
121s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
01-07-2024 02:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
Size

520KB
MD5

9796eb898d3dd8b1bb02fa21b3f653e0
SHA1

4265029d07074436a1843c343a06f47f9d2c099b
SHA256

2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be
SHA512

e63a634b40e227bfbd5cb7fe63425f3be30fa12929529e9e440453b9b19840508b20119ac8b84ea0cb73b40e3103633dedb833ceed8b47fda98c667fce14672a
SSDEEP

6144:f9GGo2CwtGg6eeihEfph2CMvvqqSaYwpncOeC66AOa0aFtVEQfTo1ozVqMbx:f9fC3hh29Ya77A90aFtDfT5IMbx

Score

10^/10

darkcomet privateeye persistence rat trojan upx

Malware Config

Extracted

Family

darkcomet

Botnet

PrivateEye

ratblackshades.no-ip.biz:1604

Mutex

DC_MUTEX-ACC1R98

Attributes

gencode
8GG5LVVGljSF
install
false
offline_keylogger
true
persistence
false

Signatures

Darkcomet
DarkComet is a remote access trojan (RAT) developed by Jean-Pierre Lesueur.
trojan rat darkcomet
Executes dropped EXE 3 IoCs

Processes:

winupd.exewinupd.exewinupd.exe

pid process

2660 winupd.exe
2556 winupd.exe
2600 winupd.exe

pid	process
2660	winupd.exe
2556	winupd.exe
2600	winupd.exe

Loads dropped DLL 4 IoCs

Processes:

2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exewinupd.exe

pid	process
2188	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
2188	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
2660	winupd.exe
2660	winupd.exe

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
behavioral1/memory/2600-64-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-61-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-59-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-56-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-54-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-73-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-75-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-78-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-77-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-76-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-74-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-82-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-83-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-84-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-85-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-86-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-87-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-88-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-89-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-90-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-91-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-92-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-93-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-94-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-95-0x0000000000400000-0x00000000004B7000-memory.dmp	upx
behavioral1/memory/2600-96-0x0000000000400000-0x00000000004B7000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\Windows\CurrentVersion\Run\WinUpdate = "C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\winupd.exe -notray"	reg.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exewinupd.exe

description	pid	process	target process
PID 1928 set thread context of 2188	1928	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
PID 2660 set thread context of 2556	2660	winupd.exe	winupd.exe
PID 2660 set thread context of 2600	2660	winupd.exe	winupd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Gathers network information 2 TTPs 1 IoCs
Uses commandline utility to view network configuration.

System Information Discovery
T1082

Command and Scripting Interpreter
T1059

Processes:

ipconfig.exe

pid process

2396 ipconfig.exe
Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

2900 reg.exe

pid	process
2396	ipconfig.exe

pid	process
2900	reg.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

Processes:

winupd.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	2600	winupd.exe
Token: SeSecurityPrivilege	2600	winupd.exe
Token: SeTakeOwnershipPrivilege	2600	winupd.exe
Token: SeLoadDriverPrivilege	2600	winupd.exe
Token: SeSystemProfilePrivilege	2600	winupd.exe
Token: SeSystemtimePrivilege	2600	winupd.exe
Token: SeProfSingleProcessPrivilege	2600	winupd.exe
Token: SeIncBasePriorityPrivilege	2600	winupd.exe
Token: SeCreatePagefilePrivilege	2600	winupd.exe
Token: SeBackupPrivilege	2600	winupd.exe
Token: SeRestorePrivilege	2600	winupd.exe
Token: SeShutdownPrivilege	2600	winupd.exe
Token: SeDebugPrivilege	2600	winupd.exe
Token: SeSystemEnvironmentPrivilege	2600	winupd.exe
Token: SeChangeNotifyPrivilege	2600	winupd.exe
Token: SeRemoteShutdownPrivilege	2600	winupd.exe
Token: SeUndockPrivilege	2600	winupd.exe
Token: SeManageVolumePrivilege	2600	winupd.exe
Token: SeImpersonatePrivilege	2600	winupd.exe
Token: SeCreateGlobalPrivilege	2600	winupd.exe
Token: 33	2600	winupd.exe
Token: 34	2600	winupd.exe
Token: 35	2600	winupd.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exewinupd.exewinupd.exewinupd.exe

pid	process
1928	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
2188	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
2660	winupd.exe
2556	winupd.exe
2600	winupd.exe

Suspicious use of WriteProcessMemory 44 IoCs

Processes:

2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exewinupd.exewinupd.exeipconfig.execmd.exe

description	pid	process	target process
PID 1928 wrote to memory of 2188	1928	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
PID 1928 wrote to memory of 2188	1928	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
PID 1928 wrote to memory of 2188	1928	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
PID 1928 wrote to memory of 2188	1928	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
PID 1928 wrote to memory of 2188	1928	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
PID 1928 wrote to memory of 2188	1928	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
PID 1928 wrote to memory of 2188	1928	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
PID 1928 wrote to memory of 2188	1928	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
PID 1928 wrote to memory of 2188	1928	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
PID 2188 wrote to memory of 2660	2188	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	winupd.exe
PID 2188 wrote to memory of 2660	2188	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	winupd.exe
PID 2188 wrote to memory of 2660	2188	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	winupd.exe
PID 2188 wrote to memory of 2660	2188	2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe	winupd.exe
PID 2660 wrote to memory of 2556	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2556	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2556	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2556	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2556	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2556	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2556	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2556	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2556	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2600	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2600	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2600	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2600	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2600	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2600	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2600	2660	winupd.exe	winupd.exe
PID 2660 wrote to memory of 2600	2660	winupd.exe	winupd.exe
PID 2556 wrote to memory of 2396	2556	winupd.exe	ipconfig.exe
PID 2556 wrote to memory of 2396	2556	winupd.exe	ipconfig.exe
PID 2556 wrote to memory of 2396	2556	winupd.exe	ipconfig.exe
PID 2556 wrote to memory of 2396	2556	winupd.exe	ipconfig.exe
PID 2556 wrote to memory of 2396	2556	winupd.exe	ipconfig.exe
PID 2556 wrote to memory of 2396	2556	winupd.exe	ipconfig.exe
PID 2396 wrote to memory of 2580	2396	ipconfig.exe	cmd.exe
PID 2396 wrote to memory of 2580	2396	ipconfig.exe	cmd.exe
PID 2396 wrote to memory of 2580	2396	ipconfig.exe	cmd.exe
PID 2396 wrote to memory of 2580	2396	ipconfig.exe	cmd.exe
PID 2580 wrote to memory of 2900	2580	cmd.exe	reg.exe
PID 2580 wrote to memory of 2900	2580	cmd.exe	reg.exe
PID 2580 wrote to memory of 2900	2580	cmd.exe	reg.exe
PID 2580 wrote to memory of 2900	2580	cmd.exe	reg.exe

C:\Users\Admin\AppData\Local\Temp\2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1928

C:\Users\Admin\AppData\Local\Temp\2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\2f5a4ef689e44124705c9f4c288e62ba7771b58e408aa9295db061eee333b8be_NeikiAnalytics.exe"
2⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2188

C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe
C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe -notray
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2660

C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe"
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556

C:\Windows\SysWOW64\ipconfig.exe
"C:\Windows\system32\ipconfig.exe"
5⤵
- Gathers network information
- Suspicious use of WriteProcessMemory
PID:2396

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\KGUSJTML.bat" "
6⤵
- Suspicious use of WriteProcessMemory
PID:2580

C:\Windows\SysWOW64\reg.exe
REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v WinUpdate /t REG_SZ /d "C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe -notray" /f
7⤵
- Adds Run key to start application
- Modifies registry key
PID:2900

C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\winupd.exe"
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2600

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\KGUSJTML.bat
Filesize
151B

MD5
cac890d00365d07b9ca89def17cc3a36

SHA1
6fa99679ede791c16b5d3e6d243a98e8bbdb7eab

SHA256
4f98ddee89760080a5c8a93666d2f5c97be52b741265ef4d1ce9aaebf05f12da

SHA512
124dc0b18e13425bde43bcbbe2a99005928e398bffcb458d498aac9e754bc5b92b703270667800876c60b0801343f2de8c6b9a1eebafd80bb4f6d5dc295dd9f1

Download Submit
\Users\Admin\AppData\Roaming\Microsoft\winupd.exe
Filesize
520KB

MD5
b08d51cd0c63ca631317c638e5f61159

SHA1
eca842e20dd46157b5f955ca18fff57d3c6ed899

SHA256
0d593b3b01a2ffb97936a20ae733457171a6bdf3325eec445ee5a78f99d1567d

SHA512
4e8bae101d3c024105104388fddaf3ff12d2c14404dfb5b7db0a61666faf253876d476d06a335f45d3deb0b5cb286f7cace80979ec3005ac081513449e82b1f7

Download Submit
memory/1928-19-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/1928-20-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/1928-2-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1928-21-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/1928-15-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2188-11-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2188-22-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2188-5-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2188-13-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2188-7-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2188-3-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2188-67-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2396-71-0x0000000000080000-0x0000000000081000-memory.dmp

Filesize
4KB

Download
memory/2556-80-0x0000000000400000-0x0000000000407000-memory.dmp

Filesize
28KB

Download
memory/2600-73-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-82-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-59-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-56-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-54-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-52-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-61-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-96-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-75-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-78-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-77-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-64-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-95-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-76-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-74-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-94-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-83-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-84-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-85-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-86-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-87-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-88-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-89-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-90-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-91-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-92-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2600-93-0x0000000000400000-0x00000000004B7000-memory.dmp

Filesize
732KB

Download
memory/2660-62-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2660-36-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2660-63-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download