Analysis
max time kernel
50s
max time network
107s
platform
windows7_x64
resource
win7-20220812-en
resource tags
arch:x64 arch:x86 image:win7-20220812-en locale:en-us os:windows7-x64 system
submitted
05-10-2022 17:29
Static task
static1
Behavioral task
behavioral1
Sample
e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad.msi
Resource
win7-20220812-en
Behavioral task
behavioral2
Sample
e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad.msi
Resource
win10v2004-20220812-en
General
Target
e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad.msi
Size
1.4MB
MD5
563f30a6c6d9978c30e8416542ad6041
SHA1
44ea4b43e5cb20ce9140297f7bcf87f028e0830b
SHA256
e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad
SHA512
3d1fcb48c2ac03ac9c1e7fa6fdda611b45e4f36fba0ddf42fa2d7ab8027a19ae8b3937c97ef004812bfb9dd99c5c0f00c6b5162a5f6d536a0cedb47ad063d3b5
SSDEEP
24576:jJjyyzQyz5io+HExGWUAyiqZpBqnGIQ5M6DLrVVdWGA13IqMXSpS2SDTQuV+vJFo:jJjrz5io+HGGWxyzXlrXVVdWGA13I1Xd
Malware Config
Signatures
Blocklisted process makes network request 5 IoCs
flow  pid  Process
4  832  MsiExec.exe
6  832  MsiExec.exe
8  832  MsiExec.exe
10  832  MsiExec.exe
12  832  MsiExec.exe
Executes dropped EXE 2 IoCs
pid  Process
2040  MSI378F.tmp
1484  Homologo.exe
Loads dropped DLL 8 IoCs
pid  Process
832  MsiExec.exe
832  MsiExec.exe
832  MsiExec.exe
832  MsiExec.exe
832  MsiExec.exe
832  MsiExec.exe
832  MsiExec.exe
1484  Homologo.exe
Adds Run key to start application 2 TTPs 2 IoCs
description  ioc  Process
Key created  \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run  msiexec.exe
Set value (str)  \REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Windows\CurrentVersion\Run\REAGIR = "C:\\Users\\Admin\\AppData\\Roaming\\Comercialis\\Documentos Objects\\Homologo.exe"  msiexec.exe
Enumerates connected drives 3 TTPs 48 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description  ioc  Process
File opened (read-only)  \??\W:  msiexec.exe
File opened (read-only)  \??\X:  msiexec.exe
File opened (read-only)  \??\K:  msiexec.exe
File opened (read-only)  \??\O:  msiexec.exe
File opened (read-only)  \??\R:  msiexec.exe
File opened (read-only)  \??\A:  msiexec.exe
File opened (read-only)  \??\B:  msiexec.exe
File opened (read-only)  \??\M:  msiexec.exe
File opened (read-only)  \??\M:  msiexec.exe
File opened (read-only)  \??\S:  msiexec.exe
File opened (read-only)  \??\U:  msiexec.exe
File opened (read-only)  \??\H:  msiexec.exe
File opened (read-only)  \??\I:  msiexec.exe
File opened (read-only)  \??\J:  msiexec.exe
File opened (read-only)  \??\L:  msiexec.exe
File opened (read-only)  \??\S:  msiexec.exe
File opened (read-only)  \??\Q:  msiexec.exe
File opened (read-only)  \??\N:  msiexec.exe
File opened (read-only)  \??\P:  msiexec.exe
File opened (read-only)  \??\Z:  msiexec.exe
File opened (read-only)  \??\R:  msiexec.exe
File opened (read-only)  \??\H:  msiexec.exe
File opened (read-only)  \??\G:  msiexec.exe
File opened (read-only)  \??\J:  msiexec.exe
File opened (read-only)  \??\T:  msiexec.exe
File opened (read-only)  \??\X:  msiexec.exe
File opened (read-only)  \??\Y:  msiexec.exe
File opened (read-only)  \??\B:  msiexec.exe
File opened (read-only)  \??\F:  msiexec.exe
File opened (read-only)  \??\I:  msiexec.exe
File opened (read-only)  \??\V:  msiexec.exe
File opened (read-only)  \??\O:  msiexec.exe
File opened (read-only)  \??\P:  msiexec.exe
File opened (read-only)  \??\W:  msiexec.exe
File opened (read-only)  \??\E:  msiexec.exe
File opened (read-only)  \??\E:  msiexec.exe
File opened (read-only)  \??\F:  msiexec.exe
File opened (read-only)  \??\G:  msiexec.exe
File opened (read-only)  \??\K:  msiexec.exe
File opened (read-only)  \??\T:  msiexec.exe
File opened (read-only)  \??\U:  msiexec.exe
File opened (read-only)  \??\Y:  msiexec.exe
File opened (read-only)  \??\L:  msiexec.exe
File opened (read-only)  \??\Z:  msiexec.exe
File opened (read-only)  \??\N:  msiexec.exe
File opened (read-only)  \??\Q:  msiexec.exe
File opened (read-only)  \??\V:  msiexec.exe
File opened (read-only)  \??\A:  msiexec.exe
Drops file in Windows directory 14 IoCs
description  ioc  Process
File opened for modification  C:\Windows\Installer\  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI957.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI34FE.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI31F.tmp  msiexec.exe
File created  C:\Windows\Installer\6c0052.ipi  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI987.tmp  msiexec.exe
File created  C:\Windows\Installer\6c0050.msi  msiexec.exe
File opened for modification  C:\Windows\Installer\6c0050.msi  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI2E0.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI9E6.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\6c0052.ipi  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI378F.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\MSI10B.tmp  msiexec.exe
File opened for modification  C:\Windows\Installer\MSIA84.tmp  msiexec.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid  Process
904  msiexec.exe
904  msiexec.exe
Suspicious use of AdjustPrivilegeToken 60 IoCs
description  pid  Process
Token: SeShutdownPrivilege  1500  msiexec.exe
Token: SeIncreaseQuotaPrivilege  1500  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeSecurityPrivilege  904  msiexec.exe
Token: SeCreateTokenPrivilege  1500  msiexec.exe
Token: SeAssignPrimaryTokenPrivilege  1500  msiexec.exe
Token: SeLockMemoryPrivilege  1500  msiexec.exe
Token: SeIncreaseQuotaPrivilege  1500  msiexec.exe
Token: SeMachineAccountPrivilege  1500  msiexec.exe
Token: SeTcbPrivilege  1500  msiexec.exe
Token: SeSecurityPrivilege  1500  msiexec.exe
Token: SeTakeOwnershipPrivilege  1500  msiexec.exe
Token: SeLoadDriverPrivilege  1500  msiexec.exe
Token: SeSystemProfilePrivilege  1500  msiexec.exe
Token: SeSystemtimePrivilege  1500  msiexec.exe
Token: SeProfSingleProcessPrivilege  1500  msiexec.exe
Token: SeIncBasePriorityPrivilege  1500  msiexec.exe
Token: SeCreatePagefilePrivilege  1500  msiexec.exe
Token: SeCreatePermanentPrivilege  1500  msiexec.exe
Token: SeBackupPrivilege  1500  msiexec.exe
Token: SeRestorePrivilege  1500  msiexec.exe
Token: SeShutdownPrivilege  1500  msiexec.exe
Token: SeDebugPrivilege  1500  msiexec.exe
Token: SeAuditPrivilege  1500  msiexec.exe
Token: SeSystemEnvironmentPrivilege  1500  msiexec.exe
Token: SeChangeNotifyPrivilege  1500  msiexec.exe
Token: SeRemoteShutdownPrivilege  1500  msiexec.exe
Token: SeUndockPrivilege  1500  msiexec.exe
Token: SeSyncAgentPrivilege  1500  msiexec.exe
Token: SeEnableDelegationPrivilege  1500  msiexec.exe
Token: SeManageVolumePrivilege  1500  msiexec.exe
Token: SeImpersonatePrivilege  1500  msiexec.exe
Token: SeCreateGlobalPrivilege  1500  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Token: SeRestorePrivilege  904  msiexec.exe
Token: SeTakeOwnershipPrivilege  904  msiexec.exe
Suspicious use of FindShellTrayWindow 2 IoCs
pid  Process
1500  msiexec.exe
1500  msiexec.exe
Suspicious use of WriteProcessMemory 14 IoCs
description  pid  Process  procid_target
PID 904 wrote to memory of 832  904  msiexec.exe  28
PID 904 wrote to memory of 832  904  msiexec.exe  28
PID 904 wrote to memory of 832  904  msiexec.exe  28
PID 904 wrote to memory of 832  904  msiexec.exe  28
PID 904 wrote to memory of 832  904  msiexec.exe  28
PID 904 wrote to memory of 832  904  msiexec.exe  28
PID 904 wrote to memory of 832  904  msiexec.exe  28
PID 904 wrote to memory of 2040  904  msiexec.exe  31
PID 904 wrote to memory of 2040  904  msiexec.exe  31
PID 904 wrote to memory of 2040  904  msiexec.exe  31
PID 904 wrote to memory of 2040  904  msiexec.exe  31
PID 904 wrote to memory of 2040  904  msiexec.exe  31
PID 904 wrote to memory of 2040  904  msiexec.exe  31
PID 904 wrote to memory of 2040  904  msiexec.exe  31
Processes
C:\Windows\system32\msiexec.exe
  msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\e6c39cc0b7a7ad889fd345475f0b7d5ea740caba70bc4f57564e760e8a52f6ad.msi
  - Enumerates connected drives
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:1500
C:\Windows\system32\msiexec.exe
  C:\Windows\system32\msiexec.exe /V
  - Adds Run key to start application
  - Enumerates connected drives
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:904
    C:\Windows\syswow64\MsiExec.exe
      C:\Windows\syswow64\MsiExec.exe -Embedding A8C02451C4DD31F857AD340E0042DB85
      - Blocklisted process makes network request
      - Loads dropped DLL
      PID:832
    C:\Windows\Installer\MSI378F.tmp
      "C:\Windows\Installer\MSI378F.tmp" /DontWait "C:\Users\Admin\AppData\Roaming\Comercialis\Documentos Objects\Homologo.exe"
      - Executes dropped EXE
      PID:2040
C:\Users\Admin\AppData\Roaming\Comercialis\Documentos Objects\Homologo.exe
  "C:\Users\Admin\AppData\Roaming\Comercialis\Documentos Objects\Homologo.exe"
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1484
Network
MITRE ATT&CK Enterprise v6
Downloads