Overview

overview

10

Static

static

0c0a0bc81a...15.exe

windows7-x64

10

0c0a0bc81a...15.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    04-10-2022 03:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0c0a0bc81a10e2fdfba7260bfe8f3475ea96984ec9c0d3f93a0591e192b7ab15.exe

  • Size

    460KB

  • MD5

    04e6b154f1d3fa9b12ecc955765e6bce

  • SHA1

    6bf3bfa52e54df3208c2643baeecfcc82d01ef4c

  • SHA256

    0c0a0bc81a10e2fdfba7260bfe8f3475ea96984ec9c0d3f93a0591e192b7ab15

  • SHA512

    6a0c9f9bcea518d89c943c41fdf604eb7cda10522fa903a5f782fca5c9420de2264e3cf8be3733f293103ab1067c6ed2a9fd632827fb7c92cce46aeb7c668c62

  • SSDEEP

    12288:llSt6oIHNOhU5O5TYo4XqTig5GSR9CClDDL:llSt69HNx6T/5xT

Score
10/10
evasionpersistenceupx

Malware Config

Signatures

  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs
    evasion
  • Executes dropped EXE 7 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Deletes itself 1 IoCs
  • Loads dropped DLL 10 IoCs
  • Adds Run key to start application 2 TTPs 53 IoCs
    persistence
  • Drops desktop.ini file(s) 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates processes with tasklist 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 44 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 52 IoCs

Processes

  • C:\Windows\system32\csrss.exe
    %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
    1⤵
    • Executes dropped EXE
    • Drops desktop.ini file(s)
    • Suspicious use of UnmapMainImage
    • Suspicious use of WriteProcessMemory
    PID:336
  • C:\Windows\Explorer.EXE
    C:\Windows\Explorer.EXE
    1⤵
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:1244
    • C:\Users\Admin\AppData\Local\Temp\0c0a0bc81a10e2fdfba7260bfe8f3475ea96984ec9c0d3f93a0591e192b7ab15.exe
      "C:\Users\Admin\AppData\Local\Temp\0c0a0bc81a10e2fdfba7260bfe8f3475ea96984ec9c0d3f93a0591e192b7ab15.exe"
      2⤵
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1060
      • C:\Users\Admin\iBdqphzke5.exe
        C:\Users\Admin\iBdqphzke5.exe
        3⤵
        • Modifies visiblity of hidden/system files in Explorer
        • Executes dropped EXE
        • Loads dropped DLL
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:888
        • C:\Users\Admin\bigow.exe
          "C:\Users\Admin\bigow.exe"
          4⤵
          • Modifies visiblity of hidden/system files in Explorer
          • Executes dropped EXE
          • Adds Run key to start application
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of SetWindowsHookEx
          PID:1736
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c tasklist&&del iBdqphzke5.exe
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:1724
          • C:\Windows\SysWOW64\tasklist.exe
            tasklist
            5⤵
            • Enumerates processes with tasklist
            • Suspicious use of AdjustPrivilegeToken
            PID:1904
      • C:\Users\Admin\astat.exe
        C:\Users\Admin\astat.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1348
        • C:\Users\Admin\astat.exe
          "C:\Users\Admin\astat.exe"
          4⤵
          • Executes dropped EXE
          • Suspicious behavior: EnumeratesProcesses
          PID:1224
      • C:\Users\Admin\dstat.exe
        C:\Users\Admin\dstat.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:1960
      • C:\Users\Admin\fstat.exe
        C:\Users\Admin\fstat.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:292
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\system32\cmd.exe"
          4⤵
            PID:940
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe" /c tasklist&&del 0c0a0bc81a10e2fdfba7260bfe8f3475ea96984ec9c0d3f93a0591e192b7ab15.exe
          3⤵
          • Deletes itself
          • Suspicious use of WriteProcessMemory
          PID:1200
          • C:\Windows\SysWOW64\tasklist.exe
            tasklist
            4⤵
            • Enumerates processes with tasklist
            • Suspicious use of AdjustPrivilegeToken
            PID:2016
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k netsvcs
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:868

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\astat.exe
      Filesize

      60KB

      MD5

      87c6498966e3f85fac743c89050aa312

      SHA1

      05c165c34cbfa14e4925c33ace81992b0f50a2b5

      SHA256

      30c8328585e41968aff773da16cedbe590dcefd293c7fa74a69c557ecbf2c3c5

      SHA512

      740f7159ee78f73e57c92e583b8c4f97c5dd49b68b9c321da976d7e318819daa28e8dfc76e95e1e3ccee643dc464324c40b481d1849863e287d826adb577b420

      Download Submit

    • C:\Users\Admin\astat.exe
      Filesize

      60KB

      MD5

      87c6498966e3f85fac743c89050aa312

      SHA1

      05c165c34cbfa14e4925c33ace81992b0f50a2b5

      SHA256

      30c8328585e41968aff773da16cedbe590dcefd293c7fa74a69c557ecbf2c3c5

      SHA512

      740f7159ee78f73e57c92e583b8c4f97c5dd49b68b9c321da976d7e318819daa28e8dfc76e95e1e3ccee643dc464324c40b481d1849863e287d826adb577b420

      Download Submit

    • C:\Users\Admin\astat.exe
      Filesize

      60KB

      MD5

      87c6498966e3f85fac743c89050aa312

      SHA1

      05c165c34cbfa14e4925c33ace81992b0f50a2b5

      SHA256

      30c8328585e41968aff773da16cedbe590dcefd293c7fa74a69c557ecbf2c3c5

      SHA512

      740f7159ee78f73e57c92e583b8c4f97c5dd49b68b9c321da976d7e318819daa28e8dfc76e95e1e3ccee643dc464324c40b481d1849863e287d826adb577b420

      Download Submit

    • C:\Users\Admin\bigow.exe
      Filesize

      244KB

      MD5

      d6768ee4a83b0624ceba2c71fea7b5e1

      SHA1

      2355b184500457ada31d03e93255e85db5756373

      SHA256

      18a95faea69db9d59b833fa6c6579193e32fd8b561f249e33a817ba06dea81a5

      SHA512

      93e6129721d670b1082c75ee6bba87d8f2b569189a5bf0ff40b7efd1d71d1e1d5da98a2e9b33145ecc4bf7523350449671127e7a5a5d00eebba4586b823a7da7

      Download Submit

    • C:\Users\Admin\bigow.exe
      Filesize

      244KB

      MD5

      d6768ee4a83b0624ceba2c71fea7b5e1

      SHA1

      2355b184500457ada31d03e93255e85db5756373

      SHA256

      18a95faea69db9d59b833fa6c6579193e32fd8b561f249e33a817ba06dea81a5

      SHA512

      93e6129721d670b1082c75ee6bba87d8f2b569189a5bf0ff40b7efd1d71d1e1d5da98a2e9b33145ecc4bf7523350449671127e7a5a5d00eebba4586b823a7da7

      Download Submit

    • C:\Users\Admin\dstat.exe
      Filesize

      36KB

      MD5

      b6da847084e39e0cecf175c32c91b4bb

      SHA1

      fbfd9494fabed5220cdf01866ff088fe7adc535b

      SHA256

      065781e8a55cf59cb926d5950e0039e19b50b1e081023404fbff4d7a32fc9cbe

      SHA512

      59d372ea36904cd48c99f2f34740c22004b35c5e5dada2417813b0463292af19e4aa5ba4552cc443da373e40ba03a1f7906019a567806806f5972c202a31d9d2

      Download Submit

    • C:\Users\Admin\fstat.exe
      Filesize

      271KB

      MD5

      34353cf7e1d1b10bcbbcae0745110535

      SHA1

      2fb471681daac6f6d66477b7772025da4f58c508

      SHA256

      b2d7a66e2d10d8943e48d6f3ad75237ff379e82ab0101a620406c4569be1d959

      SHA512

      7404f82abfabd21d6f2a88b55f6f0ff886bb0a1f16a9d45c6883d74daa26451f862a10a78646c549c3a3264ba4bd9fb44949d470493af895973dd05a0ec311e6

      Download Submit

    • C:\Users\Admin\fstat.exe
      Filesize

      271KB

      MD5

      34353cf7e1d1b10bcbbcae0745110535

      SHA1

      2fb471681daac6f6d66477b7772025da4f58c508

      SHA256

      b2d7a66e2d10d8943e48d6f3ad75237ff379e82ab0101a620406c4569be1d959

      SHA512

      7404f82abfabd21d6f2a88b55f6f0ff886bb0a1f16a9d45c6883d74daa26451f862a10a78646c549c3a3264ba4bd9fb44949d470493af895973dd05a0ec311e6

      Download Submit

    • C:\Users\Admin\iBdqphzke5.exe
      Filesize

      244KB

      MD5

      a4cdb62cf4866a17e742e7e9cc73d237

      SHA1

      30d94f8e872455ac569949ac4c768d0a0cdfbba7

      SHA256

      c741d649bf5b72fbe97470820ce994ce29b153baae14af10c3a2a9adc3098b32

      SHA512

      c4447f95565d3e5dc0ef7712382325280bedf127ac682f85f4043b586afb4188633f2c73277595eb31fe45d992107492f42c82a71f448286a9cb8fac4bfb3671

      Download Submit

    • C:\Users\Admin\iBdqphzke5.exe
      Filesize

      244KB

      MD5

      a4cdb62cf4866a17e742e7e9cc73d237

      SHA1

      30d94f8e872455ac569949ac4c768d0a0cdfbba7

      SHA256

      c741d649bf5b72fbe97470820ce994ce29b153baae14af10c3a2a9adc3098b32

      SHA512

      c4447f95565d3e5dc0ef7712382325280bedf127ac682f85f4043b586afb4188633f2c73277595eb31fe45d992107492f42c82a71f448286a9cb8fac4bfb3671

      Download Submit

    • C:\Windows\system32\consrv.dll
      Filesize

      53KB

      MD5

      4d7cde615a0f534bd5e359951829554b

      SHA1

      c885d00d9000f2a5dbc78f6193a052b36f4fe968

      SHA256

      414fdf9bdcae5136c1295d6d24740c50a484acd81f1f7d0fb5d5c138607cb80a

      SHA512

      33d632f9fbb694440a1ca568c90518784278efd1dc9ee2b57028149d56ebe1f7346d5b59dcfafee2eeaa10091dda05f48958e909d6bfc891e037ae1cfbd048d4

      Download Submit

    • \??\globalroot\systemroot\assembly\temp\@
      Filesize

      2KB

      MD5

      22767e6567e3f64be89ad2f9a54c726a

      SHA1

      cda2b1ee9bef1800d8ca5d0aebe2fc0b447278a1

      SHA256

      93018691e729519d8dad702d11da47595c537893fdee068f64bd0023ef50c71c

      SHA512

      c81d541e074c8646c66c936065d300535e5075147f89a98a03c5febf4b5ff1fcbbc495cab655fbf8d2524fedd4ab5a3d27d224f3d0f39059562029f67540228b

      Download Submit

    • \Users\Admin\astat.exe
      Filesize

      60KB

      MD5

      87c6498966e3f85fac743c89050aa312

      SHA1

      05c165c34cbfa14e4925c33ace81992b0f50a2b5

      SHA256

      30c8328585e41968aff773da16cedbe590dcefd293c7fa74a69c557ecbf2c3c5

      SHA512

      740f7159ee78f73e57c92e583b8c4f97c5dd49b68b9c321da976d7e318819daa28e8dfc76e95e1e3ccee643dc464324c40b481d1849863e287d826adb577b420

      Download Submit

    • \Users\Admin\astat.exe
      Filesize

      60KB

      MD5

      87c6498966e3f85fac743c89050aa312

      SHA1

      05c165c34cbfa14e4925c33ace81992b0f50a2b5

      SHA256

      30c8328585e41968aff773da16cedbe590dcefd293c7fa74a69c557ecbf2c3c5

      SHA512

      740f7159ee78f73e57c92e583b8c4f97c5dd49b68b9c321da976d7e318819daa28e8dfc76e95e1e3ccee643dc464324c40b481d1849863e287d826adb577b420

      Download Submit

    • \Users\Admin\bigow.exe
      Filesize

      244KB

      MD5

      d6768ee4a83b0624ceba2c71fea7b5e1

      SHA1

      2355b184500457ada31d03e93255e85db5756373

      SHA256

      18a95faea69db9d59b833fa6c6579193e32fd8b561f249e33a817ba06dea81a5

      SHA512

      93e6129721d670b1082c75ee6bba87d8f2b569189a5bf0ff40b7efd1d71d1e1d5da98a2e9b33145ecc4bf7523350449671127e7a5a5d00eebba4586b823a7da7

      Download Submit

    • \Users\Admin\bigow.exe
      Filesize

      244KB

      MD5

      d6768ee4a83b0624ceba2c71fea7b5e1

      SHA1

      2355b184500457ada31d03e93255e85db5756373

      SHA256

      18a95faea69db9d59b833fa6c6579193e32fd8b561f249e33a817ba06dea81a5

      SHA512

      93e6129721d670b1082c75ee6bba87d8f2b569189a5bf0ff40b7efd1d71d1e1d5da98a2e9b33145ecc4bf7523350449671127e7a5a5d00eebba4586b823a7da7

      Download Submit

    • \Users\Admin\dstat.exe
      Filesize

      36KB

      MD5

      b6da847084e39e0cecf175c32c91b4bb

      SHA1

      fbfd9494fabed5220cdf01866ff088fe7adc535b

      SHA256

      065781e8a55cf59cb926d5950e0039e19b50b1e081023404fbff4d7a32fc9cbe

      SHA512

      59d372ea36904cd48c99f2f34740c22004b35c5e5dada2417813b0463292af19e4aa5ba4552cc443da373e40ba03a1f7906019a567806806f5972c202a31d9d2

      Download Submit

    • \Users\Admin\dstat.exe
      Filesize

      36KB

      MD5

      b6da847084e39e0cecf175c32c91b4bb

      SHA1

      fbfd9494fabed5220cdf01866ff088fe7adc535b

      SHA256

      065781e8a55cf59cb926d5950e0039e19b50b1e081023404fbff4d7a32fc9cbe

      SHA512

      59d372ea36904cd48c99f2f34740c22004b35c5e5dada2417813b0463292af19e4aa5ba4552cc443da373e40ba03a1f7906019a567806806f5972c202a31d9d2

      Download Submit

    • \Users\Admin\fstat.exe
      Filesize

      271KB

      MD5

      34353cf7e1d1b10bcbbcae0745110535

      SHA1

      2fb471681daac6f6d66477b7772025da4f58c508

      SHA256

      b2d7a66e2d10d8943e48d6f3ad75237ff379e82ab0101a620406c4569be1d959

      SHA512

      7404f82abfabd21d6f2a88b55f6f0ff886bb0a1f16a9d45c6883d74daa26451f862a10a78646c549c3a3264ba4bd9fb44949d470493af895973dd05a0ec311e6

      Download Submit

    • \Users\Admin\fstat.exe
      Filesize

      271KB

      MD5

      34353cf7e1d1b10bcbbcae0745110535

      SHA1

      2fb471681daac6f6d66477b7772025da4f58c508

      SHA256

      b2d7a66e2d10d8943e48d6f3ad75237ff379e82ab0101a620406c4569be1d959

      SHA512

      7404f82abfabd21d6f2a88b55f6f0ff886bb0a1f16a9d45c6883d74daa26451f862a10a78646c549c3a3264ba4bd9fb44949d470493af895973dd05a0ec311e6

      Download Submit

    • \Users\Admin\iBdqphzke5.exe
      Filesize

      244KB

      MD5

      a4cdb62cf4866a17e742e7e9cc73d237

      SHA1

      30d94f8e872455ac569949ac4c768d0a0cdfbba7

      SHA256

      c741d649bf5b72fbe97470820ce994ce29b153baae14af10c3a2a9adc3098b32

      SHA512

      c4447f95565d3e5dc0ef7712382325280bedf127ac682f85f4043b586afb4188633f2c73277595eb31fe45d992107492f42c82a71f448286a9cb8fac4bfb3671

      Download Submit

    • \Users\Admin\iBdqphzke5.exe
      Filesize

      244KB

      MD5

      a4cdb62cf4866a17e742e7e9cc73d237

      SHA1

      30d94f8e872455ac569949ac4c768d0a0cdfbba7

      SHA256

      c741d649bf5b72fbe97470820ce994ce29b153baae14af10c3a2a9adc3098b32

      SHA512

      c4447f95565d3e5dc0ef7712382325280bedf127ac682f85f4043b586afb4188633f2c73277595eb31fe45d992107492f42c82a71f448286a9cb8fac4bfb3671

      Download Submit

    • \Windows\System32\consrv.dll
      Filesize

      53KB

      MD5

      4d7cde615a0f534bd5e359951829554b

      SHA1

      c885d00d9000f2a5dbc78f6193a052b36f4fe968

      SHA256

      414fdf9bdcae5136c1295d6d24740c50a484acd81f1f7d0fb5d5c138607cb80a

      SHA512

      33d632f9fbb694440a1ca568c90518784278efd1dc9ee2b57028149d56ebe1f7346d5b59dcfafee2eeaa10091dda05f48958e909d6bfc891e037ae1cfbd048d4

      Download Submit

    • memory/292-135-0x00000000029E0000-0x0000000002A1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-139-0x0000000000400000-0x0000000000446000-memory.dmp

      Filesize

      280KB

      Download

    • memory/292-143-0x00000000029E0000-0x0000000002A1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-140-0x00000000029EE000-0x00000000029F2000-memory.dmp

      Filesize

      16KB

      Download

    • memory/292-141-0x00000000029E1000-0x00000000029EE000-memory.dmp

      Filesize

      52KB

      Download

    • memory/292-142-0x0000000003110000-0x000000000314D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-123-0x00000000029E0000-0x0000000002A1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-122-0x00000000029E0000-0x0000000002A1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-121-0x0000000003110000-0x000000000314D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-119-0x00000000029E1000-0x00000000029EE000-memory.dmp

      Filesize

      52KB

      Download

    • memory/292-118-0x00000000029EE000-0x00000000029F2000-memory.dmp

      Filesize

      16KB

      Download

    • memory/292-106-0x00000000029E0000-0x0000000002A1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-109-0x00000000029E0000-0x0000000002A1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-112-0x00000000029E0000-0x0000000002A1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-113-0x00000000029E0000-0x0000000002A1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-114-0x00000000029E0000-0x0000000002A1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-115-0x0000000000400000-0x0000000000446000-memory.dmp

      Filesize

      280KB

      Download

    • memory/292-116-0x00000000029E0000-0x0000000002A1D000-memory.dmp

      Filesize

      244KB

      Download

    • memory/292-117-0x0000000002380000-0x00000000023C6000-memory.dmp

      Filesize

      280KB

      Download

    • memory/336-136-0x0000000001F10000-0x0000000001F22000-memory.dmp

      Filesize

      72KB

      Download

    • memory/868-165-0x0000000000470000-0x000000000047B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/868-164-0x0000000000450000-0x0000000000458000-memory.dmp

      Filesize

      32KB

      Download

    • memory/868-157-0x0000000000470000-0x000000000047B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/868-156-0x0000000000450000-0x0000000000458000-memory.dmp

      Filesize

      32KB

      Download

    • memory/868-154-0x0000000000460000-0x000000000046B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/868-150-0x0000000000460000-0x000000000046B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/868-146-0x0000000000460000-0x000000000046B000-memory.dmp

      Filesize

      44KB

      Download

    • memory/1060-56-0x0000000075021000-0x0000000075023000-memory.dmp

      Filesize

      8KB

      Download

    • memory/1224-86-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1224-85-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1224-83-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1224-92-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1224-90-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1224-91-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1224-82-0x0000000000400000-0x000000000040E000-memory.dmp

      Filesize

      56KB

      Download

    • memory/1244-128-0x0000000002230000-0x0000000002236000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1244-124-0x0000000002230000-0x0000000002236000-memory.dmp

      Filesize

      24KB

      Download

    • memory/1244-132-0x0000000002230000-0x0000000002236000-memory.dmp

      Filesize

      24KB

      Download