b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6

Analysis

max time kernel
4s
max time network
30s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 22:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe
Size

595KB
MD5

3e021ff26063ac5f6de4971dbddec210
SHA1

e63068bcc6c34e84aa221eff23c98f0db68a4e59
SHA256

b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6
SHA512

a0f04930108e055f97a7e171a7f7f5fbeef257f8a8713d9921c3b1e07a2d2f45eff85509ce7d8f69c5ebab641827ad91c4ab0f56a92446d5f2ae1f3b80286f50
SSDEEP

12288:7Cgvf6HX8XE3KnCgjUNbkYDLCgvf6HX8X45jgRdJ83:Nf6HX8XE3uUNbkYD9f6HX8X45jOdJs

Score

8^/10

persistence

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
296	abc.exe
856	svchost.exe
2020	Uane's Keylogger.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Windows\CurrentVersion\Run\windows = "C:\\windows\\svchost.exe"	svchost.exe

Drops file in Windows directory 9 IoCs

description	ioc	Process
File created	C:\Windows\svchost.exe	b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe
File created	C:\Windows\abc.exe_	abc.exe
File created	C:\Windows\config.cfg	abc.exe
File opened for modification	C:\Windows\svchost.exe	svchost.exe
File created	C:\windows\svchost.exe	svchost.exe
File created	C:\Windows\abc.exe	b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe
File opened for modification	C:\Windows\abc.exe_	abc.exe
File created	C:\Windows\COMDLG32.OCX	abc.exe
File created	C:\Windows\Uane's Keylogger.exe	abc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Programmable	Uane's Keylogger.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\ = "Common Dialog Open Property Page Object"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Windows\\comdlg32.ocx"	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\ThreadingModel = "Apartment"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\CLSID	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Version	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus\1	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Control	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ToolboxBitmap32\ = "C:\\Windows\\comdlg32.ocx, 1"	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\ = "Common Dialog Color Property Page Object"	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ = "ICommonDialogEvents"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\MiscStatus	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\ = "Common Dialog Print Property Page Object"	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\ = "Common Dialog Font Property Page Object"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}\InprocServer32	Uane's Keylogger.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\VersionIndependentProgID\ = "MSComDlg.CommonDialog"	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ = "ICommonDialog"	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\Version = "1.2"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\Version = "1.2"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CurVer	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE3-47EB-101B-A3C9-08002B2F49FB}	Uane's Keylogger.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE7-47EB-101B-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Windows\\comdlg32.ocx"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CLSID\ = "{F9043C85-F6F2-101A-A3C9-08002B2F49FB}"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog.1\ = "Microsoft Common Dialog Control, version 6.0"	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\HELPDIR\	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\FLAGS\ = "2"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{F9043C88-F6F2-101A-A3C9-08002B2F49FB}\1.2\0\win32	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32\ = "C:\\Windows\\comdlg32.ocx"	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\ = "Microsoft Common Dialog Control, version 6.0"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSComDlg.CommonDialog\CLSID	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\ = "Microsoft Common Dialog Control, version 6.0"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\TypeLib	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C4F3BE5-47EB-101B-A3C9-08002B2F49FB}\InprocServer32	Uane's Keylogger.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{F9043C87-F6F2-101A-A3C9-08002B2F49FB}\TypeLib\ = "{F9043C88-F6F2-101A-A3C9-08002B2F49FB}"	Uane's Keylogger.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{083039C2-13F4-11D1-8B7E-0000F8754DA1}\ProxyStubClsid32	Uane's Keylogger.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
856	svchost.exe
2020	Uane's Keylogger.exe
856	svchost.exe
2020	Uane's Keylogger.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 1276 wrote to memory of 296	1276	b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe	28
PID 1276 wrote to memory of 296	1276	b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe	28
PID 1276 wrote to memory of 296	1276	b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe	28
PID 1276 wrote to memory of 296	1276	b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe	28
PID 1276 wrote to memory of 856	1276	b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe	29
PID 1276 wrote to memory of 856	1276	b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe	29
PID 1276 wrote to memory of 856	1276	b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe	29
PID 1276 wrote to memory of 856	1276	b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe	29
PID 296 wrote to memory of 2020	296	abc.exe	30
PID 296 wrote to memory of 2020	296	abc.exe	30
PID 296 wrote to memory of 2020	296	abc.exe	30
PID 296 wrote to memory of 2020	296	abc.exe	30

C:\Users\Admin\AppData\Local\Temp\b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe
"C:\Users\Admin\AppData\Local\Temp\b7490b28587e081a83f52e2b172e2ba04d780dbe36a0dd7626b5d61e882beab6.exe"
1⤵
- Drops file in Windows directory
- Suspicious use of WriteProcessMemory
PID:1276
- C:\Windows\abc.exe
  "C:\Windows\abc.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:296
- - C:\Windows\Uane's Keylogger.exe
    "C:\Windows\Uane's Keylogger.exe"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:2020
- C:\Windows\svchost.exe
  "C:\Windows\svchost.exe"
  2⤵
  - Executes dropped EXE
  - Adds Run key to start application
  - Drops file in Windows directory
  - Suspicious use of SetWindowsHookEx
  PID:856

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Uane's Keylogger.exe

Filesize
172KB

MD5
1cbdcc28e2ce07272c9ebd6d03dc7273

SHA1
95abc1b738b153f8dcf7eeec9c5cdb8aa371a510

SHA256
844f60a98cf7f979a67d5c96105d65b1f023424bbeec338dc52074a657effd45

SHA512
19ea5547d7ac2e4e37b9737a38164efbf0ed8c03ca9b5fcf64461bc64781b1972fd5443290219ddbf07fea63d5e67cac30d84304cf812fc880094927ef802d40

Download Submit
C:\Windows\abc.exe

Filesize
447KB

MD5
fb02f66f5e094e2a7cad024e0594d46d

SHA1
322148d694fc28b1d34c8c47705ac7e5395e5908

SHA256
e95989ab812f8361adef90d02c52358983d8d7183697ee1ee816c19a94520fc5

SHA512
03ad52baff1aea3d00dae75bf2d0ee643376c32423a0f73eb38543e098821d44073df971cf41e1fe458b69af4b0d6fb88a122c3cd28b350cb04a5754a124a98f

Download Submit
C:\Windows\abc.exe

Filesize
447KB

MD5
fb02f66f5e094e2a7cad024e0594d46d

SHA1
322148d694fc28b1d34c8c47705ac7e5395e5908

SHA256
e95989ab812f8361adef90d02c52358983d8d7183697ee1ee816c19a94520fc5

SHA512
03ad52baff1aea3d00dae75bf2d0ee643376c32423a0f73eb38543e098821d44073df971cf41e1fe458b69af4b0d6fb88a122c3cd28b350cb04a5754a124a98f

Download Submit
C:\Windows\comdlg32.ocx

Filesize
137KB

MD5
d76f0eab36f83a31d411aeaf70da7396

SHA1
9bc145b54500fb6fbea9be61fbdd90f65fd1bc14

SHA256
46f4fdb12c30742ff4607876d2f36cf432cdc7ec3d2c99097011448fc57e997c

SHA512
9c22bc6b2e7dbcd344809085894b768cfa76e8512062c5bbf3caeaa2771c6b7ce128bd5a0b6e385a5da777d0d822a5b2191773cc0ddb05abe1fa935fa853d79d

Download Submit
C:\Windows\svchost.exe

Filesize
120KB

MD5
ff4a48562f770dadc1c430bd53b899c3

SHA1
15743f5142ed2a3440eb0693e1b8c91bfb9a6010

SHA256
7393d48a6793e9801d5d6471a68d8e91edbcb617a084ff13f6f39695abf57a02

SHA512
b5906f88cc2f6672d2bafeb403ceb9c2887e28c6dafe78a6bd6b6757e591afe2a9590b99ee55f481f99cb8ed4dbba938cd8e96e10b8f5a711b58b416df7ccb8f

Download Submit
C:\Windows\svchost.exe

Filesize
120KB

MD5
ff4a48562f770dadc1c430bd53b899c3

SHA1
15743f5142ed2a3440eb0693e1b8c91bfb9a6010

SHA256
7393d48a6793e9801d5d6471a68d8e91edbcb617a084ff13f6f39695abf57a02

SHA512
b5906f88cc2f6672d2bafeb403ceb9c2887e28c6dafe78a6bd6b6757e591afe2a9590b99ee55f481f99cb8ed4dbba938cd8e96e10b8f5a711b58b416df7ccb8f

Download Submit
memory/1276-54-0x0000000074DE1000-0x0000000074DE3000-memory.dmp

Filesize
8KB

Download