d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c

Analysis

max time kernel
150s
max time network
48s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
18/10/2022, 11:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe
Size

207KB
MD5

f642efb542e01bcac68b865878971816
SHA1

e0487e035e0988f4abcf540466e0ba5f1a95dac8
SHA256

d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c
SHA512

6948e12981147ab0233ee59f681b837f75761a1574c83f297b15f0edab7148bd886adb7c975c3aaaa3f746ba4869d2a0229ca596c808169b6cec1b0df4cf4864
SSDEEP

3072:zvEfVUzSLhIVbV6i5LirrlZrHyrUHUckoMQ2RN6unMo:zvEN2U+T6i5LirrllHy4HUcMQY6e

Score

10^/10

evasion persistence

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 2 IoCs

persistence

Winlogon Helper DLL

T1004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Windows\\explorer.exe, c:\\windows\\system\\explorer.exe"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\shell = "C:\\Windows\\explorer.exe, c:\\windows\\system\\explorer.exe"	explorer.exe

Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3845472200-3839195424-595303356-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	svchost.exe

Executes dropped EXE 4 IoCs

pid	Process
1296	explorer.exe
1128	spoolsv.exe
1212	svchost.exe
1332	spoolsv.exe

Modifies Installed Components in the registry 2 TTPs 8 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\mrsys.exe MR"	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{F146C9B1-VMVQ-A9RC-NUFL-D0BA00B4E999}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\mrsys.exe MR"	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}	svchost.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}\StubPath = "C:\\Users\\Admin\\AppData\\Roaming\\mrsys.exe MR"	svchost.exe

Loads dropped DLL 8 IoCs

pid	Process
1972	d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe
1972	d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe
1296	explorer.exe
1296	explorer.exe
1128	spoolsv.exe
1128	spoolsv.exe
1212	svchost.exe
1212	svchost.exe

Adds Run key to start application 2 TTPs 6 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\system\\explorer.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\system\\svchost.exe RO"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\system\\explorer.exe RO"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\system\\svchost.exe RO"	svchost.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\system\explorer.exe	d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe
File opened for modification	\??\c:\windows\system\spoolsv.exe	explorer.exe
File opened for modification	\??\c:\windows\system\svchost.exe	spoolsv.exe
File opened for modification	\??\c:\windows\system\explorer.exe	explorer.exe
File opened for modification	\??\c:\windows\system\svchost.exe	svchost.exe
File opened for modification	C:\Windows\system\udsys.exe	explorer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1972	d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe
1296	explorer.exe
1296	explorer.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1296	explorer.exe
1212	svchost.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1296	explorer.exe
1212	svchost.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1296	explorer.exe
1212	svchost.exe
1212	svchost.exe
1296	explorer.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1212	svchost.exe
1296	explorer.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1212	svchost.exe
1296	explorer.exe
1296	explorer.exe
1212	svchost.exe
1212	svchost.exe
1296	explorer.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe
1212	svchost.exe
1296	explorer.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1296	explorer.exe
1212	svchost.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1972	d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe
1972	d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe
1296	explorer.exe
1296	explorer.exe
1128	spoolsv.exe
1128	spoolsv.exe
1212	svchost.exe
1212	svchost.exe
1332	spoolsv.exe
1332	spoolsv.exe
1296	explorer.exe
1296	explorer.exe

Suspicious use of WriteProcessMemory 28 IoCs

description	pid	Process	procid_target
PID 1972 wrote to memory of 1296	1972	d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe	28
PID 1972 wrote to memory of 1296	1972	d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe	28
PID 1972 wrote to memory of 1296	1972	d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe	28
PID 1972 wrote to memory of 1296	1972	d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe	28
PID 1296 wrote to memory of 1128	1296	explorer.exe	29
PID 1296 wrote to memory of 1128	1296	explorer.exe	29
PID 1296 wrote to memory of 1128	1296	explorer.exe	29
PID 1296 wrote to memory of 1128	1296	explorer.exe	29
PID 1128 wrote to memory of 1212	1128	spoolsv.exe	30
PID 1128 wrote to memory of 1212	1128	spoolsv.exe	30
PID 1128 wrote to memory of 1212	1128	spoolsv.exe	30
PID 1128 wrote to memory of 1212	1128	spoolsv.exe	30
PID 1212 wrote to memory of 1332	1212	svchost.exe	31
PID 1212 wrote to memory of 1332	1212	svchost.exe	31
PID 1212 wrote to memory of 1332	1212	svchost.exe	31
PID 1212 wrote to memory of 1332	1212	svchost.exe	31
PID 1212 wrote to memory of 1536	1212	svchost.exe	32
PID 1212 wrote to memory of 1536	1212	svchost.exe	32
PID 1212 wrote to memory of 1536	1212	svchost.exe	32
PID 1212 wrote to memory of 1536	1212	svchost.exe	32
PID 1212 wrote to memory of 596	1212	svchost.exe	34
PID 1212 wrote to memory of 596	1212	svchost.exe	34
PID 1212 wrote to memory of 596	1212	svchost.exe	34
PID 1212 wrote to memory of 596	1212	svchost.exe	34
PID 1212 wrote to memory of 1908	1212	svchost.exe	36
PID 1212 wrote to memory of 1908	1212	svchost.exe	36
PID 1212 wrote to memory of 1908	1212	svchost.exe	36
PID 1212 wrote to memory of 1908	1212	svchost.exe	36

C:\Users\Admin\AppData\Local\Temp\d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe
"C:\Users\Admin\AppData\Local\Temp\d0ec77569406e8824ca37fad5d5d215f302f0e93005c7ef2af961f8474cd6e7c.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1972
- \??\c:\windows\system\explorer.exe
  c:\windows\system\explorer.exe
  2⤵
  - Modifies WinLogon for persistence
  - Modifies visiblity of hidden/system files in Explorer
  - Executes dropped EXE
  - Modifies Installed Components in the registry
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1296
- - \??\c:\windows\system\spoolsv.exe
    c:\windows\system\spoolsv.exe SE
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Drops file in Windows directory
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1128
  - - \??\c:\windows\system\svchost.exe
      c:\windows\system\svchost.exe
      4⤵
      Modifies WinLogon for persistence
      Modifies visiblity of hidden/system files in Explorer
      Executes dropped EXE
      Modifies Installed Components in the registry
      Loads dropped DLL
      Adds Run key to start application
      Drops file in Windows directory
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1212
    - - \??\c:\windows\system\spoolsv.exe
        
        c:\windows\system\spoolsv.exe PR
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1332
    - - C:\Windows\SysWOW64\at.exe
        
        at 13:42 /interactive /every:M,T,W,Th,F,S,Su c:\windows\system\svchost.exe
        5⤵
        
        PID:1536
    - - C:\Windows\SysWOW64\at.exe
        
        at 13:43 /interactive /every:M,T,W,Th,F,S,Su c:\windows\system\svchost.exe
        5⤵
        
        PID:596
    - - C:\Windows\SysWOW64\at.exe
        
        at 13:44 /interactive /every:M,T,W,Th,F,S,Su c:\windows\system\svchost.exe
        5⤵
        
        PID:1908

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hidden Files and Directories

T1158

Registry Run Keys / Startup Folder

T1060

Winlogon Helper DLL

T1004

Privilege Escalation

Defense Evasion

Hidden Files and Directories

T1158

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\mrsys.exe

Filesize
206KB

MD5
a00861ae2e26f3054b3b818059583473

SHA1
0cc3f6e657d3f00983364a3759cb8f373a1eb6d7

SHA256
e7d0caf90930ea503cc75fb25bba535baab32af3acc5e6bbebb165c32633a990

SHA512
9c27ca76b342bef9b03dae81dacbc356e7fbd1bf1d8638d6e4a46c47ada993f202d7e69575fdf2904403423e734a79d7c37dac4e89d9b15dfc178c9ebbaf7d60

Download Submit
C:\Windows\system\explorer.exe

Filesize
206KB

MD5
59313a7e8d24dd471b3f450bd948361a

SHA1
d84081107b1a3472eb41da44302199b95f78e375

SHA256
315c01fee2079614dd0c3b646b4ed5f5c378ec91d61c73ec1698f609509733a4

SHA512
f91e0f506ce34791bf6daf4a1c45b2cb162523bb96d0a891753dae59977add5311d8749d02c27bafc7eee2d05a22e08b2646c6b9e23c7d0006923570e0cd40fa

Download Submit
C:\Windows\system\spoolsv.exe

Filesize
206KB

MD5
b1925ead4e85d2cab61c241854c4177f

SHA1
b1aab1799674a82dba0ba2dce35e888cd6d2372e

SHA256
885da7d9c6b55e814f71dcc83c08b46eb37a999c5f223da0c5592104926e49ad

SHA512
c2176abf23c8cc49f455669aef3b1a6ddf45aafbe6a51f79d746ce75f8a29f54ee570bd2220f69cac697e521961537176a14846fd71e985ffb2b6d0d715344ca

Download Submit
C:\Windows\system\spoolsv.exe

Filesize
206KB

MD5
b1925ead4e85d2cab61c241854c4177f

SHA1
b1aab1799674a82dba0ba2dce35e888cd6d2372e

SHA256
885da7d9c6b55e814f71dcc83c08b46eb37a999c5f223da0c5592104926e49ad

SHA512
c2176abf23c8cc49f455669aef3b1a6ddf45aafbe6a51f79d746ce75f8a29f54ee570bd2220f69cac697e521961537176a14846fd71e985ffb2b6d0d715344ca

Download Submit
C:\Windows\system\svchost.exe

Filesize
206KB

MD5
803832558a8d0ebf8cc9f70fe68891f0

SHA1
0db05c1ea7e143d7af4ba9d4932c8f13ef474df5

SHA256
bef276cd26bfd76fe6bd19987d446728cc47fb8906c715aedec498c328b8f094

SHA512
bc2bb118c5cc2ca66cf82da8e4def90ae2e8cf3a6e50e950dc7a87b3969ac7dcd18cad4a089121b264020b75d607e17f27555f3ab96477d5c1d9ad6f8b918d54

Download Submit
\??\c:\windows\system\explorer.exe

Filesize
206KB

MD5
59313a7e8d24dd471b3f450bd948361a

SHA1
d84081107b1a3472eb41da44302199b95f78e375

SHA256
315c01fee2079614dd0c3b646b4ed5f5c378ec91d61c73ec1698f609509733a4

SHA512
f91e0f506ce34791bf6daf4a1c45b2cb162523bb96d0a891753dae59977add5311d8749d02c27bafc7eee2d05a22e08b2646c6b9e23c7d0006923570e0cd40fa

Download Submit
\??\c:\windows\system\spoolsv.exe

Filesize
206KB

MD5
b1925ead4e85d2cab61c241854c4177f

SHA1
b1aab1799674a82dba0ba2dce35e888cd6d2372e

SHA256
885da7d9c6b55e814f71dcc83c08b46eb37a999c5f223da0c5592104926e49ad

SHA512
c2176abf23c8cc49f455669aef3b1a6ddf45aafbe6a51f79d746ce75f8a29f54ee570bd2220f69cac697e521961537176a14846fd71e985ffb2b6d0d715344ca

Download Submit
\??\c:\windows\system\svchost.exe

Filesize
206KB

MD5
803832558a8d0ebf8cc9f70fe68891f0

SHA1
0db05c1ea7e143d7af4ba9d4932c8f13ef474df5

SHA256
bef276cd26bfd76fe6bd19987d446728cc47fb8906c715aedec498c328b8f094

SHA512
bc2bb118c5cc2ca66cf82da8e4def90ae2e8cf3a6e50e950dc7a87b3969ac7dcd18cad4a089121b264020b75d607e17f27555f3ab96477d5c1d9ad6f8b918d54

Download Submit
\Windows\system\explorer.exe

Filesize
206KB

MD5
59313a7e8d24dd471b3f450bd948361a

SHA1
d84081107b1a3472eb41da44302199b95f78e375

SHA256
315c01fee2079614dd0c3b646b4ed5f5c378ec91d61c73ec1698f609509733a4

SHA512
f91e0f506ce34791bf6daf4a1c45b2cb162523bb96d0a891753dae59977add5311d8749d02c27bafc7eee2d05a22e08b2646c6b9e23c7d0006923570e0cd40fa

Download Submit
\Windows\system\explorer.exe

Filesize
206KB

MD5
59313a7e8d24dd471b3f450bd948361a

SHA1
d84081107b1a3472eb41da44302199b95f78e375

SHA256
315c01fee2079614dd0c3b646b4ed5f5c378ec91d61c73ec1698f609509733a4

SHA512
f91e0f506ce34791bf6daf4a1c45b2cb162523bb96d0a891753dae59977add5311d8749d02c27bafc7eee2d05a22e08b2646c6b9e23c7d0006923570e0cd40fa

Download Submit
\Windows\system\spoolsv.exe

Filesize
206KB

MD5
b1925ead4e85d2cab61c241854c4177f

SHA1
b1aab1799674a82dba0ba2dce35e888cd6d2372e

SHA256
885da7d9c6b55e814f71dcc83c08b46eb37a999c5f223da0c5592104926e49ad

SHA512
c2176abf23c8cc49f455669aef3b1a6ddf45aafbe6a51f79d746ce75f8a29f54ee570bd2220f69cac697e521961537176a14846fd71e985ffb2b6d0d715344ca

Download Submit
\Windows\system\spoolsv.exe

Filesize
206KB

MD5
b1925ead4e85d2cab61c241854c4177f

SHA1
b1aab1799674a82dba0ba2dce35e888cd6d2372e

SHA256
885da7d9c6b55e814f71dcc83c08b46eb37a999c5f223da0c5592104926e49ad

SHA512
c2176abf23c8cc49f455669aef3b1a6ddf45aafbe6a51f79d746ce75f8a29f54ee570bd2220f69cac697e521961537176a14846fd71e985ffb2b6d0d715344ca

Download Submit
\Windows\system\spoolsv.exe

Filesize
206KB

MD5
b1925ead4e85d2cab61c241854c4177f

SHA1
b1aab1799674a82dba0ba2dce35e888cd6d2372e

SHA256
885da7d9c6b55e814f71dcc83c08b46eb37a999c5f223da0c5592104926e49ad

SHA512
c2176abf23c8cc49f455669aef3b1a6ddf45aafbe6a51f79d746ce75f8a29f54ee570bd2220f69cac697e521961537176a14846fd71e985ffb2b6d0d715344ca

Download Submit
\Windows\system\spoolsv.exe

Filesize
206KB

MD5
b1925ead4e85d2cab61c241854c4177f

SHA1
b1aab1799674a82dba0ba2dce35e888cd6d2372e

SHA256
885da7d9c6b55e814f71dcc83c08b46eb37a999c5f223da0c5592104926e49ad

SHA512
c2176abf23c8cc49f455669aef3b1a6ddf45aafbe6a51f79d746ce75f8a29f54ee570bd2220f69cac697e521961537176a14846fd71e985ffb2b6d0d715344ca

Download Submit
\Windows\system\svchost.exe

Filesize
206KB

MD5
803832558a8d0ebf8cc9f70fe68891f0

SHA1
0db05c1ea7e143d7af4ba9d4932c8f13ef474df5

SHA256
bef276cd26bfd76fe6bd19987d446728cc47fb8906c715aedec498c328b8f094

SHA512
bc2bb118c5cc2ca66cf82da8e4def90ae2e8cf3a6e50e950dc7a87b3969ac7dcd18cad4a089121b264020b75d607e17f27555f3ab96477d5c1d9ad6f8b918d54

Download Submit
\Windows\system\svchost.exe

Filesize
206KB

MD5
803832558a8d0ebf8cc9f70fe68891f0

SHA1
0db05c1ea7e143d7af4ba9d4932c8f13ef474df5

SHA256
bef276cd26bfd76fe6bd19987d446728cc47fb8906c715aedec498c328b8f094

SHA512
bc2bb118c5cc2ca66cf82da8e4def90ae2e8cf3a6e50e950dc7a87b3969ac7dcd18cad4a089121b264020b75d607e17f27555f3ab96477d5c1d9ad6f8b918d54

Download Submit
memory/1972-57-0x00000000756B1000-0x00000000756B3000-memory.dmp

Filesize
8KB

Download