ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021

Analysis

max time kernel
120s
max time network
145s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
23-11-2022 09:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe
Size

340KB
MD5

ca8c7e9015dbffe5d98424ae052454c5
SHA1

71160094de74fbc0eae6b031f1d1a50f2caa625d
SHA256

ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021
SHA512

55894a2c954914e25fab8fe8484831c7ba5be8524c7d131d6eac551ccd638ef3f3aa9d1700806bcfa07bb093b54bff91dd9eea9df5a68ef3db55505d9071f194
SSDEEP

6144:czG8nriOnW/rGgGg2pIxc/TQEja0iq82EhZM+u6Jbt/XBc:I1DYr9odlGa+u6VtfK

Score

8^/10

evasion trojan

Malware Config

Signatures

Executes dropped EXE 1 IoCs

Processes:

cssrs.exe

pid process

964 cssrs.exe
Loads dropped DLL 2 IoCs

Processes:

WScript.exe

pid process

1972 WScript.exe
1972 WScript.exe
Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

WScript.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA WScript.exe

pid	process
964	cssrs.exe

pid	process
1972	WScript.exe
1972	WScript.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	WScript.exe

Drops file in Program Files directory 7 IoCs

Processes:

ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Data.Msi\DiskDoctor.lnk	ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe
File opened for modification	C:\Program Files (x86)\Data.Msi\pic.url	ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe
File opened for modification	C:\Program Files (x86)\Data.Msi\startup.vbe	ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe
File opened for modification	C:\Program Files (x86)\Data.Msi\System.exe	ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe
File opened for modification	C:\Program Files (x86)\Data.Msi\3proxy.cfg	ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe
File opened for modification	C:\Program Files (x86)\Data.Msi\alg.vbe	ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe
File opened for modification	C:\Program Files (x86)\Data.Msi\cssrs.exe	ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 35 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "375963137"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a080a7aeb041384fb0063bff109ccdc1000000000200000000001066000000010000200000006e79d87300f34e1b7e095c6d0f429a4099709c17b3126ee6929f0d22875b6172000000000e80000000020000200000001d63cd759d3f978b55fcfb2f9e44064c761b3d417e1139ee987d356c4bb92b11200000004f34a2f247351ca94b02bf7275764bc1799b38edb54496db214ee2af41d94eb8400000009079bcc8c068e02d7ba7b6755291d46864ac719ae31be437d022abff0970d3ac2cca959666e738195fb345b12351ad6ad74d7610f4cfcd140d905732e115803d	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000a080a7aeb041384fb0063bff109ccdc100000000020000000000106600000001000020000000efbbcec4efae65365f9ffe0ce500f852677b7a035f1dced8133695b6a159b7c8000000000e8000000002000020000000d3fe02d626afdd2e1aac8cfce846ff113256aba4efe64f5c536374cf6c16d81f90000000b150ee65026d43fcc87ed1593f5b540931f4a8c717b951c8215a8514c4d0d5be7b76fe487ebe6acb2a58bd15799db570dc4571a01f14b0f9118b636ec1c50825c758b1d5ad9dc5b1ca44532ac526ce0dad5d63bf0ec5d03d8720a4b607d5cfc51af42aefd9b6d6330166c29fb02c913bb877eb61604c943d81d60b8321f186a541078e1063201accb7637365fee6b795400000001261aa492d82720ff3cdd1054a75d017decde358363c05c61a2f3296d261a09bcbd9117eb70cabd2722445ba9764ae34069a4d962b6448b30ff29bb50bd69274	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0359fd123ffd801	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{E65A17F1-6B16-11ED-A645-626C2AE6DC56} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

320 iexplore.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

320 iexplore.exe
320 iexplore.exe
844 IEXPLORE.EXE
844 IEXPLORE.EXE

pid	process
320	iexplore.exe

pid	process
320	iexplore.exe
320	iexplore.exe
844	IEXPLORE.EXE
844	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

Processes:

ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exeWScript.exeWScript.exeiexplore.exe

description	pid	process	target process
PID 1824 wrote to memory of 1984	1824	ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe	WScript.exe
PID 1824 wrote to memory of 1984	1824	ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe	WScript.exe
PID 1824 wrote to memory of 1984	1824	ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe	WScript.exe
PID 1824 wrote to memory of 1984	1824	ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe	WScript.exe
PID 1984 wrote to memory of 1972	1984	WScript.exe	WScript.exe
PID 1984 wrote to memory of 1972	1984	WScript.exe	WScript.exe
PID 1984 wrote to memory of 1972	1984	WScript.exe	WScript.exe
PID 1984 wrote to memory of 1972	1984	WScript.exe	WScript.exe
PID 1972 wrote to memory of 964	1972	WScript.exe	cssrs.exe
PID 1972 wrote to memory of 964	1972	WScript.exe	cssrs.exe
PID 1972 wrote to memory of 964	1972	WScript.exe	cssrs.exe
PID 1972 wrote to memory of 964	1972	WScript.exe	cssrs.exe
PID 320 wrote to memory of 844	320	iexplore.exe	IEXPLORE.EXE
PID 320 wrote to memory of 844	320	iexplore.exe	IEXPLORE.EXE
PID 320 wrote to memory of 844	320	iexplore.exe	IEXPLORE.EXE
PID 320 wrote to memory of 844	320	iexplore.exe	IEXPLORE.EXE

C:\Users\Admin\AppData\Local\Temp\ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe
"C:\Users\Admin\AppData\Local\Temp\ca8534b91743b42ef3e1ebe6e2ad3bc97a34d13a8d5e6759af3bade465396021.exe"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1824

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Data.Msi\startup.vbe"
2⤵
- Checks whether UAC is enabled
- Suspicious use of WriteProcessMemory
PID:1984

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Program Files (x86)\Data.Msi\alg.vbe"
3⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1972

C:\Program Files (x86)\Data.Msi\cssrs.exe
"C:\Program Files (x86)\Data.Msi\cssrs.exe"
4⤵
- Executes dropped EXE
PID:964

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:320

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:320 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:844

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Data.Msi\3proxy.cfg

Filesize
139B

MD5
c4c25bde1ba85f5bc17fc4e2bac6bf78

SHA1
58f23e746fd7b664eeceaf6f87a88f8c5a7a71b7

SHA256
bfad4e1baca0889fe1793b2df40d6b75d10a3b0cb54fed9f850b63da8ac23f19

SHA512
06420521fdad35a275c6bfc3a6935815565f16d89021bf162d78e07b1fc3f092c08bec270d96098a1901bcaac418aaa0c6ffeded99fa8af2695fdfad620cb55f

Download Submit
C:\Program Files (x86)\Data.Msi\DiskDoctor.lnk

Filesize
549B

MD5
62b6f07ff4542911588b2b2da1f3a330

SHA1
1ac03191de119df59fd2f4d057a4f02f6534b4da

SHA256
b057e868a69ffdcca51993ff44f7378f2b98c9e580b69927bc9e30a9ddd54453

SHA512
37b1ad9c62854cf99ecdbbe6c29a4098566bd50a80738e176c5f24a3bacc660b757df5e125fedf1b18390aea52cc378bd0b47c409b20b39e5b048048207dac22

Download Submit
C:\Program Files (x86)\Data.Msi\alg.vbe

Filesize
1KB

MD5
b9cb5f6aed0ff561400e2fb82bd27eb5

SHA1
1b49f6709d90f4c96468bb192662576e2aa50b8a

SHA256
027dc8cffe78bae9947b3de6ce00f1ceb74c5eef43e3b1aa673347ccc34c2586

SHA512
5c19268f42ff8eca1c140c44172d99f211ffe4b772d0f2184ca9e3378aa2a957d8dc04bce80a38658c79206c4f6e1685423252d7c99669d35644ee236d6bd6b3

Download Submit
C:\Program Files (x86)\Data.Msi\cssrs.exe

Filesize
147KB

MD5
dc2f24966a06d009b4f47c061f52c2aa

SHA1
86c3f13bd90a8eab8c0a055403fb9abc37e27770

SHA256
921875f29efded5f4ee9ab9b4274ba9a5130f8bd7186af0d1f5b0dc11557309c

SHA512
2cbf7122f33f140a118f825b5a0966fd8b5e3d4a41f29a654e4ca2a18706079136eaaa53a90ea5af003b1714656de6699ec33d9ef160ffceae9e5772b6db1bfb

Download Submit
C:\Program Files (x86)\Data.Msi\cssrs.exe

Filesize
147KB

MD5
dc2f24966a06d009b4f47c061f52c2aa

SHA1
86c3f13bd90a8eab8c0a055403fb9abc37e27770

SHA256
921875f29efded5f4ee9ab9b4274ba9a5130f8bd7186af0d1f5b0dc11557309c

SHA512
2cbf7122f33f140a118f825b5a0966fd8b5e3d4a41f29a654e4ca2a18706079136eaaa53a90ea5af003b1714656de6699ec33d9ef160ffceae9e5772b6db1bfb

Download Submit
C:\Program Files (x86)\Data.Msi\pic.url

Filesize
231B

MD5
eb7a6757088969c85c202d99659216fb

SHA1
6fc569ef336cc177d37c863182072a8e463367e3

SHA256
578ede7bfdaee4b0959d0ffd8755cd40b3e94f9ce968c0562bd584c1be09bdf6

SHA512
34a6c9699dd6c17d54a4074a3318e558f144b2ee97d19129d1800f3bba60f96a8254d1db4a8d8275a8c44bd282a7f4f62bf167de4129188e3bbd9f9e3061f904

Download Submit
C:\Program Files (x86)\Data.Msi\startup.vbe

Filesize
122B

MD5
02d2050d1162bd9476964d3f3b99da19

SHA1
f0766493d8a78d27601d69c910602cea65076176

SHA256
b58de4ffcc1e3e14ced36ebbad17cf36169ae0c0c412baa86b7af40d8d2351f3

SHA512
704675cb74a74dff12b250769f037ef0aa8e98a9f76da7fdd6f1b9ced471049f0ede39097121d632d1855a7087a93a77d1af1de354c7b7a0fbb07827b233064d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
3dcf580a93972319e82cafbc047d34d5

SHA1
8528d2a1363e5de77dc3b1142850e51ead0f4b6b

SHA256
40810e31f1b69075c727e6d557f9614d5880112895ff6f4df1767e87ae5640d1

SHA512
98384be7218340f95dae88d1cb865f23a0b4e12855beb6e74a3752274c9b4c601e493864db777bca677a370d0a9dbffd68d94898a82014537f3a801cce839c42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
87b35628d4de5ad63dfe166f4968f429

SHA1
80aa6676716658150e9efb5e06d61d34692ce88f

SHA256
14bd594d05ce69cfd195d998a04deacebcb69605fee1fd002964c2cc514381a8

SHA512
792871cacaa694f9abec36e7eafd508642dd359a8740683a4e82ee26f4d42704840d9013615644da23e719d5dcb19ce213afa08f472f7523897d6036b9b85e54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\FOW79CV3.txt

Filesize
602B

MD5
1048afe501403a873172d48ae9860f96

SHA1
d9c716aecdfb58fc12453909e74772c637392ddc

SHA256
b7c31f4c095cb06d199a6d6356acfc95debb7454dbf2078e7928d1fc1e34af6e

SHA512
70ffe142b97b0be0fb7d03126d1dd1532f3ff1a14bed876a4fa7d34bc9cd9e508a91bce06d977642642b18ae030204517e8bf5d8db768b4d505bac6724fb4376

Download Submit
\Program Files (x86)\Data.Msi\cssrs.exe

Filesize
147KB

MD5
dc2f24966a06d009b4f47c061f52c2aa

SHA1
86c3f13bd90a8eab8c0a055403fb9abc37e27770

SHA256
921875f29efded5f4ee9ab9b4274ba9a5130f8bd7186af0d1f5b0dc11557309c

SHA512
2cbf7122f33f140a118f825b5a0966fd8b5e3d4a41f29a654e4ca2a18706079136eaaa53a90ea5af003b1714656de6699ec33d9ef160ffceae9e5772b6db1bfb

Download Submit
\Program Files (x86)\Data.Msi\cssrs.exe

Filesize
147KB

MD5
dc2f24966a06d009b4f47c061f52c2aa

SHA1
86c3f13bd90a8eab8c0a055403fb9abc37e27770

SHA256
921875f29efded5f4ee9ab9b4274ba9a5130f8bd7186af0d1f5b0dc11557309c

SHA512
2cbf7122f33f140a118f825b5a0966fd8b5e3d4a41f29a654e4ca2a18706079136eaaa53a90ea5af003b1714656de6699ec33d9ef160ffceae9e5772b6db1bfb

Download Submit
memory/964-64-0x0000000000000000-mapping.dmp

Download
memory/1824-54-0x0000000075571000-0x0000000075573000-memory.dmp

Filesize
8KB

Download
memory/1972-59-0x0000000000000000-mapping.dmp

Download
memory/1984-55-0x0000000000000000-mapping.dmp

Download