aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856

Analysis

max time kernel
151s
max time network
155s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
29/11/2022, 11:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Size

2.5MB
MD5

2ee2dcfd41f96665deb8214a3fffd992
SHA1

d76bd65f8f2a6863e1fa812f7f7622ea6932bbb2
SHA256

aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856
SHA512

d7263a9eadad18bd7ad59c7c6fd5d56c053e68404436e2c47e9768621738ca69ca7d8c6f33988318add791e8cdbc2fc27fd2a9668310be06ecce6a952d71fb29
SSDEEP

49152:SWdAy94jw/2/rVWDWIcNyukOGGPzSo1ScLEGqhDbwb:SWGXk0SaczOG6GOpavw

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{20E26D81-70E1-11ED-98C6-66397CAA4A34} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25"	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "yes"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\AutoHide = "yes"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\uniregistry.com\NumberOfSubdomains = "1"	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\uniregistry.com\ = "0"	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000e56a90a7b0182749b1b11a477945d5dd000000000200000000001066000000010000200000009842dcab28dc1768bd4199997d7cb1c5212d8a9c654dd941d880ffe37b04bf2d000000000e800000000200002000000041bbefca0d004655965ee6ced626521ff6783c1ba5a98bce049cfb087a89812b20000000bbf400f4830dc53d758ae680164dba779e982b298c79468195cfc403fac1757440000000cb250f0b11c2fff0adf2b311cfdc4a9a91a7fa8606730fe712c90513dea73aef2bced6c8c5b29a5e3c1c9625ecdbc1c3c92c7e59c4901db4cf15f4c4551fb36b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25"	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "43"	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "376599758"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\uniregistry.com\ = "18"	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\AutoHide = "yes"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c01270efed04d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{20E4CEE1-70E1-11ED-98C6-66397CAA4A34} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\uniregistry.com\Total = "0"	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "yes"	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "18"	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\uniregistry.com	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-999675638-2867687379-27515722-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe

Suspicious use of FindShellTrayWindow 10 IoCs

pid	Process
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
1948	iexplore.exe
1620	iexplore.exe

Suspicious use of SendNotifyMessage 8 IoCs

pid	Process
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
1620	iexplore.exe
1620	iexplore.exe
1948	iexplore.exe
1948	iexplore.exe
1948	iexplore.exe
1620	iexplore.exe
1556	IEXPLORE.EXE
1556	IEXPLORE.EXE
1448	IEXPLORE.EXE
1448	IEXPLORE.EXE
1556	IEXPLORE.EXE
1556	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 900 wrote to memory of 1620	900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe	30
PID 900 wrote to memory of 1620	900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe	30
PID 900 wrote to memory of 1620	900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe	30
PID 900 wrote to memory of 1620	900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe	30
PID 900 wrote to memory of 1948	900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe	31
PID 900 wrote to memory of 1948	900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe	31
PID 900 wrote to memory of 1948	900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe	31
PID 900 wrote to memory of 1948	900	aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe	31
PID 1620 wrote to memory of 1448	1620	iexplore.exe	33
PID 1948 wrote to memory of 1556	1948	iexplore.exe	32
PID 1948 wrote to memory of 1556	1948	iexplore.exe	32
PID 1620 wrote to memory of 1448	1620	iexplore.exe	33
PID 1620 wrote to memory of 1448	1620	iexplore.exe	33
PID 1948 wrote to memory of 1556	1948	iexplore.exe	32
PID 1620 wrote to memory of 1448	1620	iexplore.exe	33
PID 1948 wrote to memory of 1556	1948	iexplore.exe	32

C:\Users\Admin\AppData\Local\Temp\aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe
"C:\Users\Admin\AppData\Local\Temp\aa370b5b3c82fd19a42eb7c376187df1be1cec7aae41013204262ac8f39f5856.exe"
1⤵
- Modifies Internet Explorer settings
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:900
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.thundercheats.com.br/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1620
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1620 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1448
- C:\Program Files\Internet Explorer\iexplore.exe
  "C:\Program Files\Internet Explorer\iexplore.exe" http://www.gchka.blogspot.com.br/
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1948
- - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
    "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1948 CREDAT:275457 /prefetch:2
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of SetWindowsHookEx
    PID:1556

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
9ceaca4cb8ef58c136bc60ee56c3973c

SHA1
7f10267b56f9d43eaf808d52e468cd8cfc5782a5

SHA256
47239a8c36e103def8d29ddc41dd43e5e96b3e719df036e938296e2c960decb0

SHA512
3b76b46742ccce7ba1acef48007b317b4af3210275183b7f377ebdc38368271c599e384b233d125f5bf166fc6e4e47b109c363e2026db1ce68db749d4cb405b5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
59d2f5c515d0bc8ba836e4fba9e11883

SHA1
e534b831bc0704e8c6cc9e8e4969414bf2bb8c58

SHA256
cc33acc0a4f415f4ffcae21a90d688fdc559a9e031eec0291b79343e3b1a109f

SHA512
142c40e568c554d22deb3c9523108d73970b28e7b576f2024b7c688f46b71ee1b4cf56e3a3eb7d80b372e0218c3cf25e4d84134efdb47c8e8ad3e18462783bb1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_5C379F3600DE745720AF61433A9796B2

Filesize
472B

MD5
608e4d04a251ebcd51660e801f388303

SHA1
fcb9aa48fd6ed504a1a9fed7990c5ccde63e6a1d

SHA256
cc1a34cd0a99e301df97cf184ab0ded2e229659f86f43e4eff479dee221695dc

SHA512
6bf5788982bacca8c9a9b596a6fb719e0707d26e966c83a4e668766dd55e08a1ccba61ec691392e863d4e8a354b308351ca45c42df9abb4a3e51f3164f3e1b8d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_01B1031F6736E831E4D73D2798F7305E

Filesize
472B

MD5
33f732b4dfbd5fb3ed7345eba2896fe6

SHA1
2652f214cf7127302cc65b1d4e42f48a80907d5d

SHA256
904ce722469d356f8ec20c14bd51ca3ce459012ea0869f7d14821a963310a494

SHA512
f3195dab8e3b60149c2c236e2aa93d406af8956a96bd01ce13c0100dbc4a37bb64fd5508209a4ff45fa052c789652545b97b0395043ffa23b64fec5d95017f97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_DD5E18651A85E635F184F73BE6D3DB70

Filesize
472B

MD5
146dac10a93604a686550631e14eefb9

SHA1
b4af601ce6d515d9ec124938ce626060e0d43099

SHA256
bac5bc94c1a95af45522dadbf1639aff31e691fa2314314c6cce1ab1e70bba87

SHA512
3650738b90df8b212f9380437417081bb911a605839b846aeaa7aef139bb010a54bddab4e61ed946bea230de7423965ff2c7d30e92e5618f5aa9e84da1f60e97

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
4dc7bad0cb463606e031b7902b0a7ca3

SHA1
c07241a68db4c62087ab437ae416631cfb1a1232

SHA256
462a2d5a5cd535b46466b1538883f54471cf82311fa7a17ddc0c5eb18abba710

SHA512
8d8a325a84b58301e58e49d5e58074721f249345f78c25e8b29d9acd5d150f7ece43b52876abb0135da228b2a9f494dcfb233fd00918cda43ed9e230f9af7a1d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
438B

MD5
12cf3f214ed60f5018d9196bc47ee990

SHA1
7b0bc2a3a827b62578b4c95aedc66176cc796c3b

SHA256
78eef752a7209755eadcfd8abbae59a98a8c4ea4b843ebbb8a2134c8d6388c7d

SHA512
9043d8f479cf4dcd7b00b75f115d74a3867155d2ceac05c6faf8c4b71dcc4b4465d8411fecfa34ea8fbf65a2b318908f592ea84d0650a15f52fd6b5f642431d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
ad01c31836e9c0e08b6e80169fd18bfe

SHA1
4846276e8cabec53bacfffcb2242f16d41881ef7

SHA256
1ec35a8cc9e43bbf75cbf092bfe33a7c8c559a7b874f7311520ad241c63ee455

SHA512
310d10191469eb3f644aa13a96d1a8bd5073db667605157fdc0e31448b1b4c38ae3f073baa30947ebaab5b9699d728fcb4d529166236cad6d89fa28f257591f5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
f7dccb79c9fa95cb907f167790a39afd

SHA1
7633a9d84750e14f77cc57640fc8f3d8d43b74a3

SHA256
a7277bb0641cfa71c3e036012f914816967a850309f482930abadfa83f1f9c8d

SHA512
e0d045d4783faab5876b8a443f482b414ed4193fc4a430c738223060dca35356c1d2bff8f2544c15e0647e39ce7d6039fcf3437f5a5e88f038105dafeae19bc8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
df48b83a0377c8d20be86e5aea48f353

SHA1
b5f530ee4d94698f7e89e8f5559c3ff75c4e6b08

SHA256
ca5658388eb34bfa2721d2f7f413e0072a0772bf901d4481bf5f42cceb1bb325

SHA512
3426da6abd15dad41fc9a4dbd0a01463d6756c92938876fd2267dacbfebd9b7aa8443e128f62f589379ac350774894463c09383c43528a6c73d6c3c7abfa9f88

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
c616565e1f05c2c635a821fe332dec75

SHA1
1fe72925d346cb17b02a0391261b0f61a18f2b79

SHA256
b63daf6836b5facbdd66ab535499e2db8be770bcdb467a69c3a2b369d1655f95

SHA512
866e83a043c3fe5f3df00e022816edb92407f8e04b07def515bb979d571cc7d55aacd559bb59c87725938e9d3ab9fb2a820fc3a6f6f4a7e828d2ca32d408b97b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0ac6826475546cb52b5564c23ec0c551

SHA1
c1d4a6e2968823e193fde92a56f37f677f666610

SHA256
46e2b51b144bc80480dc9c8a16e7d1f27fd986a3c0c4390aacc98eecdc028bae

SHA512
16bd89c2f7297d83211fff1b75db33b0238f5c09cb05f5d813adc11235b88114b5d91bdeb35125ea54ba12ed6e9be18e52240e11a8371c944760876fcc6a6146

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
74469829f19425190e25caa05d4612b8

SHA1
5a17b7c1986d0d9acf6b8ef3ff72380b255eb66c

SHA256
261450d012af167b89101eb275f179804e2af8df3df50393567801e8bcd727f0

SHA512
ed810c456450db7ef3fe31d2cc2214ddec983d94854771bbb92de862b86c7bb4c013c3263a533c437fbde59e31f604ac6a0c61471fc22ae064881d2d0459ffa3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
b02fc3dcb70a084124399f78455d3ddf

SHA1
2ff217d2ed6f2a98c1364dfe5a917eb03bc9d996

SHA256
6eef6a7d4897a80ef65d33db28b4b4d42d3d3eaa9fd429419ce18f470e4a884f

SHA512
ca92754868d461caafa8638bddc2b8949dd8431e218027b8fd5dfdba5470c177008607af8189037384ddb32ee6240eac5853ef195fd5f0cc7c542571310c3c18

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
0579dfa0cf0cadc5d8836247f25cd90d

SHA1
3ba2b244b3160ffa44c0b33da30cc66e9af677be

SHA256
2a4b2b9d7a5266d58b7bf6f37a906cab3a934f5cb234c41e4f60ea3ca1ed292a

SHA512
86ce508242d0bc0de485d752a8ef2504a40d866673f95b119bc04a2a2d4f0765aced49820e6804956daccc29134371f80be4f2a9e57bcde8122ac3f55d257e05

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
931a0917ea1b44e0e5c7b3d867ccdc13

SHA1
cc905296a93b50507b685b3cd71cb85a15c3b5e0

SHA256
9b5dd2e46902e57c34f4cb9eaaf967893f1cd4d47adca4f31de644113822c4fa

SHA512
9b8bb910e5f762ec6f1ce0bc597bfea034c491145a27798f70084fa3919f1f9dee18891f54b6cf79aef77020b3926662a30df4fe1233eb0b6aa9c77df74cb250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
931a0917ea1b44e0e5c7b3d867ccdc13

SHA1
cc905296a93b50507b685b3cd71cb85a15c3b5e0

SHA256
9b5dd2e46902e57c34f4cb9eaaf967893f1cd4d47adca4f31de644113822c4fa

SHA512
9b8bb910e5f762ec6f1ce0bc597bfea034c491145a27798f70084fa3919f1f9dee18891f54b6cf79aef77020b3926662a30df4fe1233eb0b6aa9c77df74cb250

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
d49da795a4e9cf7dc7b2f5502dd5d52d

SHA1
a360f2549fb115402498a4da0041bf17b482f439

SHA256
98a7420314788c1f029d533f2016d2c8deb83686a0bf858cf148c9d0b97216d8

SHA512
d39b06a003521809d174c3ad323a1a31b2f4d3480c780ded2cd90dce8df0e96a47a5d8b742db2906b739fd7ea5b9c14de52238a217c9d11881476afb2158f16f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35af8eb009067ce02446b78c11318199

SHA1
e2839868b8196b3e3e8a5f3a267d7ddca78401dd

SHA256
9113733bb9485b94ac2a9a5fe333b8f8de571048415f662f84f7e67f864f67d1

SHA512
fc07171ce99c38b0c289a5f384a70ae2f9e7b68f82e5aa706b8bec4a5ae6a3228243d30c333230adacc921d3f9a5013a9038eddbe206419b99c3db8873066216

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
35af8eb009067ce02446b78c11318199

SHA1
e2839868b8196b3e3e8a5f3a267d7ddca78401dd

SHA256
9113733bb9485b94ac2a9a5fe333b8f8de571048415f662f84f7e67f864f67d1

SHA512
fc07171ce99c38b0c289a5f384a70ae2f9e7b68f82e5aa706b8bec4a5ae6a3228243d30c333230adacc921d3f9a5013a9038eddbe206419b99c3db8873066216

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_5C379F3600DE745720AF61433A9796B2

Filesize
410B

MD5
cebcf46efe7851d8e115506a48852056

SHA1
86a0b55be860a128a32bb3f162c2d6e9d8c8353c

SHA256
5e470141787497c3b864478ff062e40a5c9185d6d500abf05f2254a107f83982

SHA512
41b50e2e9df022a9649b2ced08dea18e7483336ca91485e3aaa7d0610a1491bc1e4f18032a3e30ee2236d07ccfd033a1d2f1fe7ea01f8c61cb19b9565c98d0df

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
8a801f1894f7f87fe08967d9fa86156e

SHA1
c35c6daf9b22c7636912e2c7256f024e7d37cc73

SHA256
9db9622e163e2f4db5d3e251d619c439c5dc24870f5234a92690a9309e6bf1e1

SHA512
54550e799b06d665a2e03d36893c69b11196ec7182d0097d7913216e0efdd37228affbb7dfbd83565363c7ec99abe1e7b0e0a56ea50b87001857956f53525394

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_01B1031F6736E831E4D73D2798F7305E

Filesize
402B

MD5
14526c0a458d4fbda1e594e23689d474

SHA1
00f926951bf139760304315059dcb063885d9178

SHA256
ed571bef58088563628e4371540ccc7f20850dad35029eb19fa39240d0bacc6e

SHA512
1199e7145ed0627c2276e8830b78960e82abe54fd32acc8ad6a218d3a01925e38e8c2ff8ec0dec41ce7bef384ae352b4cbc5c28447d187d41210219d4b4b76ee

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_DD5E18651A85E635F184F73BE6D3DB70

Filesize
406B

MD5
f3ded00a26c1c8dfa9261d3c439ec67c

SHA1
6511e7aeda4ba333e3bad226edb3b5bcda48d5c1

SHA256
a4ca2937d84380ecdd38ee8efcc29bf04edde56c2d826fd8164008ec198b5e40

SHA512
2c8713a5e52892d3e6a88624f97ef99db87473a781febad253915bc80ff03d73a5adcaeaf454b43a3557885790e2dea2f2df925ef9e696e3fd46ce9e0bab5a42

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357

Filesize
242B

MD5
a8b734659c716a17398917d527bd0e0c

SHA1
bbb35537a5a2f5dc91a466ef52d9f9b84e49e0ab

SHA256
22c2cfeda99bfa40e590e759215ff02bf6a9a31540545a5a23436fbf5a610bb3

SHA512
8debf0fb5060444eb793d386bb597e85a0f414a910b55c0f26598c2e0b986d43211c5c4b7af711a8de6011d393f68a16e6dda568edca99820a358a27f0dbbaeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{20E26D81-70E1-11ED-98C6-66397CAA4A34}.dat

Filesize
3KB

MD5
b237d9980882096796c7d7893dc07279

SHA1
90f850875cae8fdf555cd280694ae0f08002a39d

SHA256
ce246c034b2b16fa985d335c48bfa393609c29705357b8fa1b4626ba49131a2b

SHA512
3834f46d24bbaf3819bca2a7cc233b00c683a08819ede921d37a2f4f3bbc7836d5f3cb53cff49b150da2797b99a203fb533000ff79dde46cc72bb54eae8609c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{20E4CEE1-70E1-11ED-98C6-66397CAA4A34}.dat

Filesize
3KB

MD5
131e24ec1422b973f737ccd48fd22067

SHA1
1996e827e3f70a222df17fe44f024436f88c8ee4

SHA256
aaedf759e0c78e7a4a77f18843f42de20ef53ef267d66b0f30bdd614818374a8

SHA512
f5ddb164d4698aacf47700ac13bede78eeb983c60cc69dbf577bf2130e6aa2fd1e7428860bb8b00db6874d52b90b91c9d7efbef8bb61cb79d8c9b5d6f0272c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0LYNQJM7\analytics[1].js

Filesize
49KB

MD5
fda30e8a22c9bcd954fd8d0fadd0e77c

SHA1
ae47cd34cbde081a48d7f92fc80aaf06a1381193

SHA256
b42e4a056cb5b80c5a315040826866445ec9332f0749e184509ab2d9d3b86719

SHA512
bf551c26ecbdbca8d8be0bc05aede18db415318a8143226e03311e235b7d8d497d6e08d73417926c878d253ad38f0dfc11571df2700500d02e68596b903309ac

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\PJSI0N6E.txt

Filesize
533B

MD5
652d777fbd805ecdf5697209c5251b0c

SHA1
fafd393a0c605df4ec69033dc636bd9e41be7626

SHA256
c058a9eb82b5c312c7da372acfe5f0a779c83e1ebe8f3d77c2e2c22f5511fc62

SHA512
e00c9a31d66720d51bfcd1b6fb0a5df39bb6b1b675fb8df278f4871e60bb10f5717b51149bd2c7083eb2cb3a7adc3690f98a68d88bc588a60d6e3bd789200822

Download Submit
memory/900-56-0x0000000000400000-0x00000000007F4000-memory.dmp

Filesize
4.0MB

Download
memory/900-55-0x0000000000400000-0x00000000007F4000-memory.dmp

Filesize
4.0MB

Download
memory/900-54-0x0000000076071000-0x0000000076073000-memory.dmp

Filesize
8KB

Download