a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db

Analysis

max time kernel
144s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220414-en
submitted
16-05-2022 13:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
Size

10.2MB
MD5

ec5515ab4e52b51c2e263eb59c309b9d
SHA1

e36a35e0bc24711217148b8a57845162a087723b
SHA256

a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db
SHA512

024319f5dfe366fb9cdab537553de504889897d556096fac0036ffa94a2b094675da74e4b58fd8d78cce40f24dab82e3cd4738820c1ec7ee00ba7f08ce786ffc

Score

7^/10

spyware stealer

Malware Config

Signatures

Loads dropped DLL 14 IoCs

Processes:

a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe

pid	process
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

powershell.exe

pid process

3328 powershell.exe
3328 powershell.exe
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description pid process

Token: SeDebugPrivilege 3328 powershell.exe

pid	process
3328	powershell.exe
3328	powershell.exe

description	pid	process
Token: SeDebugPrivilege	3328	powershell.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exea35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe

description	pid	process	target process
PID 4364 wrote to memory of 4784	4364	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
PID 4364 wrote to memory of 4784	4364	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
PID 4784 wrote to memory of 4460	4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe	cmd.exe
PID 4784 wrote to memory of 4460	4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe	cmd.exe
PID 4784 wrote to memory of 3328	4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe	powershell.exe
PID 4784 wrote to memory of 3328	4784	a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe	powershell.exe

C:\Users\Admin\AppData\Local\Temp\a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
"C:\Users\Admin\AppData\Local\Temp\a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4364

C:\Users\Admin\AppData\Local\Temp\a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe
"C:\Users\Admin\AppData\Local\Temp\a35be6ce368761a64bde737d567a798d6ed9cd96df2d34c05148c980932b13db.exe"
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4784

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title BetterScreenShare
3⤵
PID:4460

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe "ls C:/Users/Admin -recurse \"*exe\""
3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3328

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_MEI43642\VCRUNTIME140.dll
Filesize
99KB

MD5
18571d6663b7d9ac95f2821c203e471f

SHA1
3c186018df04e875d6b9f83521028a21f145e3be

SHA256
0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f

SHA512
c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\VCRUNTIME140.dll
Filesize
99KB

MD5
18571d6663b7d9ac95f2821c203e471f

SHA1
3c186018df04e875d6b9f83521028a21f145e3be

SHA256
0b040a314c19ff88f38fd9c89dca2d493113a6109adb8525733c3f6627da888f

SHA512
c8cbca1072b8cb04f9d82135c91ff6d7a539cb7a488671cecb6b5e2f11a4807f47ad9af5a87ebee44984ab71d7c44fc87850f9d04fd2c5019ec1b6a1b483ca21

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_bz2.pyd
Filesize
84KB

MD5
8394e82d52e784e535b1ec992a7f8c32

SHA1
fd86dc3b455943456697e03977ccdace4053ef8b

SHA256
c019f25325597213805cbf7b1049b85d7ae7369c73114ccd1bea5d189a8ff978

SHA512
7fccf96a9b259e7fbd0a4d928b29ab4736843ae659d2b02466d4395f1a57c8212eb7730a25d9fb665062f77a980e3cdb6aac820791dfa98f4028addc22286df3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_bz2.pyd
Filesize
84KB

MD5
8394e82d52e784e535b1ec992a7f8c32

SHA1
fd86dc3b455943456697e03977ccdace4053ef8b

SHA256
c019f25325597213805cbf7b1049b85d7ae7369c73114ccd1bea5d189a8ff978

SHA512
7fccf96a9b259e7fbd0a4d928b29ab4736843ae659d2b02466d4395f1a57c8212eb7730a25d9fb665062f77a980e3cdb6aac820791dfa98f4028addc22286df3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_ctypes.pyd
Filesize
123KB

MD5
890e9cfab85234fad3f1ae83b092c7cc

SHA1
85419a7cb1e1fa0275b07cf451c1125c31e8b1f7

SHA256
99a40375974e560d0ed9756dcfb77ac3aaaecf2434b442f0f3df908cfe7e821f

SHA512
421d5c161046f57b5d7f94eb628f041b029ff229f08bf0f211d1432b6501ffefa2a57829e74284101f6746f61add1461f1125aefdf3d39027492427a509aa511

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_ctypes.pyd
Filesize
123KB

MD5
890e9cfab85234fad3f1ae83b092c7cc

SHA1
85419a7cb1e1fa0275b07cf451c1125c31e8b1f7

SHA256
99a40375974e560d0ed9756dcfb77ac3aaaecf2434b442f0f3df908cfe7e821f

SHA512
421d5c161046f57b5d7f94eb628f041b029ff229f08bf0f211d1432b6501ffefa2a57829e74284101f6746f61add1461f1125aefdf3d39027492427a509aa511

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_hashlib.pyd
Filesize
45KB

MD5
0e06dabd422e093cd7e98e1be6150e8f

SHA1
215e88d0766fb614ab5d4fee27b53af0c289d86f

SHA256
4df493fedb9b7dd97cad3803dc7ae89e98a029fd4ede738a32f489699292c97f

SHA512
0585cc9db3f6146ba2af3e30fcba3b6ef2a91f3c37f241dad6c88bd2cfdba0016a148682a4a6fa665e575b1fc761e4c84f679ea009d230c3d969bf4bcffe99b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_hashlib.pyd
Filesize
45KB

MD5
0e06dabd422e093cd7e98e1be6150e8f

SHA1
215e88d0766fb614ab5d4fee27b53af0c289d86f

SHA256
4df493fedb9b7dd97cad3803dc7ae89e98a029fd4ede738a32f489699292c97f

SHA512
0585cc9db3f6146ba2af3e30fcba3b6ef2a91f3c37f241dad6c88bd2cfdba0016a148682a4a6fa665e575b1fc761e4c84f679ea009d230c3d969bf4bcffe99b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_lzma.pyd
Filesize
158KB

MD5
ae9c6dc60d0c38ab10cb7db602ef4243

SHA1
59524ba8b6aa161faad69ad10ac8b707962dd64d

SHA256
589f36321db4db388639353dfa31e0c66e3d1926f0bb29166df3dc9c33624c0e

SHA512
c56b2d739a7854c8e71fe935c2b6c0cbdc9915d73c8ea6445c6b0c4a066d42be13befb1149507c86ea6b404ccd71e7a2d5a12a1101bc9fc886c60c47beb3e4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_lzma.pyd
Filesize
158KB

MD5
ae9c6dc60d0c38ab10cb7db602ef4243

SHA1
59524ba8b6aa161faad69ad10ac8b707962dd64d

SHA256
589f36321db4db388639353dfa31e0c66e3d1926f0bb29166df3dc9c33624c0e

SHA512
c56b2d739a7854c8e71fe935c2b6c0cbdc9915d73c8ea6445c6b0c4a066d42be13befb1149507c86ea6b404ccd71e7a2d5a12a1101bc9fc886c60c47beb3e4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_queue.pyd
Filesize
27KB

MD5
72b012d7abd35874de08477d9539ec9f

SHA1
0d4b31e933f91d3448d9ac5a83ddbb7b65c84c12

SHA256
153586ba92a1dbd57ceba093c766bff50e7dd5fb94bcca90b168ec28a582c099

SHA512
0d8c3a10fe5bd9a0f3016c4db743f18f3e309822cfdee4aa42893e002e678dacdfe903c8359a4f97613a513547ce9692dfbed491a612db70ba812f74e67fcf0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_queue.pyd
Filesize
27KB

MD5
72b012d7abd35874de08477d9539ec9f

SHA1
0d4b31e933f91d3448d9ac5a83ddbb7b65c84c12

SHA256
153586ba92a1dbd57ceba093c766bff50e7dd5fb94bcca90b168ec28a582c099

SHA512
0d8c3a10fe5bd9a0f3016c4db743f18f3e309822cfdee4aa42893e002e678dacdfe903c8359a4f97613a513547ce9692dfbed491a612db70ba812f74e67fcf0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_socket.pyd
Filesize
77KB

MD5
281d795dcee077b9584bee76d1215491

SHA1
e4b3d62dfc026ea9fc79f8707f5064b907cc31fc

SHA256
e4314a553d10c1cbfecaca60fdd10491c44c8cc1fe577e7ec0478fab02e7de74

SHA512
f8a903a944d5fe25a7c005d0e5af84ae798f2ce21b1e0cfaf0643544947bfd8f0935888e15b2d015c9b155aa96289339d534cee540fcbbf0cdb0f75503be6879

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_socket.pyd
Filesize
77KB

MD5
281d795dcee077b9584bee76d1215491

SHA1
e4b3d62dfc026ea9fc79f8707f5064b907cc31fc

SHA256
e4314a553d10c1cbfecaca60fdd10491c44c8cc1fe577e7ec0478fab02e7de74

SHA512
f8a903a944d5fe25a7c005d0e5af84ae798f2ce21b1e0cfaf0643544947bfd8f0935888e15b2d015c9b155aa96289339d534cee540fcbbf0cdb0f75503be6879

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_ssl.pyd
Filesize
150KB

MD5
0a73996c42e200e23ed2c8666ab3e21e

SHA1
513ddf3a55f8e512b7815e82ee7e05c979ebe2cd

SHA256
5749e35f1135e86e20222c246fcccf2f80358721cd05d56988c3a036b8cb7591

SHA512
cc0bb58a0c4f4cefcdb42b3c5af4447e4784a29b6abcbf200bf70897ed49d0cb7d13516544ca43b9b0681b0828e529dd5200f1de2371be6b98299e58e901f169

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\_ssl.pyd
Filesize
150KB

MD5
0a73996c42e200e23ed2c8666ab3e21e

SHA1
513ddf3a55f8e512b7815e82ee7e05c979ebe2cd

SHA256
5749e35f1135e86e20222c246fcccf2f80358721cd05d56988c3a036b8cb7591

SHA512
cc0bb58a0c4f4cefcdb42b3c5af4447e4784a29b6abcbf200bf70897ed49d0cb7d13516544ca43b9b0681b0828e529dd5200f1de2371be6b98299e58e901f169

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\base_library.zip
Filesize
768KB

MD5
c7f9756f69c60d55875b1c636b1fd967

SHA1
5932856dfefc0cd6c6d0746272079573484bbade

SHA256
b8fadcdaa2f424136861174cf65c99bad5ce1ac160fff68b8eee365c4dd7a37f

SHA512
d3291243e5cd3e893545052ff8cf38b2d9b90d2b37ccebace7711f72029965ce7d2713c825b7a2ae88e059e45438f8c83a16d04d801b04adaf834798dbdb9840

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\certifi\cacert.pem
Filesize
275KB

MD5
c760591283d5a4a987ad646b35de3717

SHA1
5d10cbd25ac1c7ced5bfb3d6f185fa150f6ea134

SHA256
1a14f6e1fd11efff72e1863f8645f090eec1b616614460c210c3b7e3c13d4b5e

SHA512
c192ae381008eaf180782e6e40cd51834e0233e98942bd071768308e179f58f3530e6e883f245a2630c86923dbeb68b624c5ec2167040d749813fedc37a6d1e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\libcrypto-1_1.dll
Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\libcrypto-1_1.dll
Filesize
3.2MB

MD5
cc4cbf715966cdcad95a1e6c95592b3d

SHA1
d5873fea9c084bcc753d1c93b2d0716257bea7c3

SHA256
594303e2ce6a4a02439054c84592791bf4ab0b7c12e9bbdb4b040e27251521f1

SHA512
3b5af9fbbc915d172648c2b0b513b5d2151f940ccf54c23148cd303e6660395f180981b148202bef76f5209acc53b8953b1cb067546f90389a6aa300c1fbe477

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\libffi-7.dll
Filesize
32KB

MD5
eef7981412be8ea459064d3090f4b3aa

SHA1
c60da4830ce27afc234b3c3014c583f7f0a5a925

SHA256
f60dd9f2fcbd495674dfc1555effb710eb081fc7d4cae5fa58c438ab50405081

SHA512
dc9ff4202f74a13ca9949a123dff4c0223da969f49e9348feaf93da4470f7be82cfa1d392566eaaa836d77dde7193fed15a8395509f72a0e9f97c66c0a096016

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\libssl-1_1.dll
Filesize
673KB

MD5
bc778f33480148efa5d62b2ec85aaa7d

SHA1
b1ec87cbd8bc4398c6ebb26549961c8aab53d855

SHA256
9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843

SHA512
80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\libssl-1_1.dll
Filesize
673KB

MD5
bc778f33480148efa5d62b2ec85aaa7d

SHA1
b1ec87cbd8bc4398c6ebb26549961c8aab53d855

SHA256
9d4cf1c03629f92662fc8d7e3f1094a7fc93cb41634994464b853df8036af843

SHA512
80c1dd9d0179e6cc5f33eb62d05576a350af78b5170bfdf2ecda16f1d8c3c2d0e991a5534a113361ae62079fb165fff2344efd1b43031f1a7bfda696552ee173

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\python38.dll
Filesize
4.0MB

MD5
8a6a13127f64757556080d3e4a7e45a0

SHA1
8e9a8e85cebcab07bf62033529ca5631a6d725dd

SHA256
54a34bd2efd0c3dd2ee950adf05d9344c70b0dac40311935763a3f171482a4d9

SHA512
2d4f9cbc544be4c38fccaf618806744bda5065853fa0e7f08bf359994db4bfd29d1cc8ee188ce5e7bfd0c78f7e7625f257fc05e9e736df794fb19fa9738cca16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\python38.dll
Filesize
4.0MB

MD5
8a6a13127f64757556080d3e4a7e45a0

SHA1
8e9a8e85cebcab07bf62033529ca5631a6d725dd

SHA256
54a34bd2efd0c3dd2ee950adf05d9344c70b0dac40311935763a3f171482a4d9

SHA512
2d4f9cbc544be4c38fccaf618806744bda5065853fa0e7f08bf359994db4bfd29d1cc8ee188ce5e7bfd0c78f7e7625f257fc05e9e736df794fb19fa9738cca16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\select.pyd
Filesize
26KB

MD5
53dc8b954b1666a6b763af2987090811

SHA1
623224a6bd4e892fe4ed0efbbc48da6a0fd8f9d1

SHA256
088cee4291aa57c0745aacd33cc7761451cbc668b10507fb9ca8af7dfdc1bffa

SHA512
c9742b33fc192b7fd5aee36783fb0ee0f4715415d4dc6567807bc92cfd756e65963d342238f108facac62a73384a6d1bc19fb2094cac398dc62cab60e51780d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\select.pyd
Filesize
26KB

MD5
53dc8b954b1666a6b763af2987090811

SHA1
623224a6bd4e892fe4ed0efbbc48da6a0fd8f9d1

SHA256
088cee4291aa57c0745aacd33cc7761451cbc668b10507fb9ca8af7dfdc1bffa

SHA512
c9742b33fc192b7fd5aee36783fb0ee0f4715415d4dc6567807bc92cfd756e65963d342238f108facac62a73384a6d1bc19fb2094cac398dc62cab60e51780d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\unicodedata.pyd
Filesize
1.0MB

MD5
ae6ca1fd8c4755743efa6c326f6488d0

SHA1
99f17eea9329894ed83587b8e34a8f99272e1c22

SHA256
c8b48d5d323faaf49fc96eed77a623c2ed07fbe4a8efc97e04350c0031789b89

SHA512
05406fc8939b8a5aa942cb2f5d97fcb8f732a836a2f010549d39223c4244e734917b5c8de5a5507e4069879f45c928108bb8041af8900dfca4a971750e54e3ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI43642\unicodedata.pyd
Filesize
1.0MB

MD5
ae6ca1fd8c4755743efa6c326f6488d0

SHA1
99f17eea9329894ed83587b8e34a8f99272e1c22

SHA256
c8b48d5d323faaf49fc96eed77a623c2ed07fbe4a8efc97e04350c0031789b89

SHA512
05406fc8939b8a5aa942cb2f5d97fcb8f732a836a2f010549d39223c4244e734917b5c8de5a5507e4069879f45c928108bb8041af8900dfca4a971750e54e3ce

Download Submit
memory/3328-162-0x0000000000000000-mapping.dmp

Download
memory/3328-163-0x00000244F5210000-0x00000244F5232000-memory.dmp

Filesize
136KB

Download
memory/3328-164-0x00007FFEFBEF0000-0x00007FFEFC9B1000-memory.dmp

Filesize
10.8MB

Download
memory/4460-161-0x0000000000000000-mapping.dmp

Download
memory/4784-130-0x0000000000000000-mapping.dmp

Download