ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14

Analysis

max time kernel
189s
max time network
223s
platform
windows7_x64
resource
win7-20221111-en
resource tags

arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
submitted
06/12/2022, 09:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe
Size

208KB
MD5

d23c954220410d348bb03fdbcb93c6a2
SHA1

f2c1aee839443db032da5e4dcbb2b0d59e368fbc
SHA256

ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14
SHA512

bcae8290c76e7fe3c7afcc40553c2824b8931b27f14af46b8b8b060518e8a6cd913fe6439f1748a9ccac286e28aa44286d39d262ac9ca3528f1895ca1b1b8c79
SSDEEP

3072:z4Ui75gFLPc+SJvEUTPTePdIuG8UvahsdcYX3UI2EuJ3im/ZCdady+RlTp/VYq6A:fYgloaPBUyhsdEI2++M+RlTHYw

Score

8^/10

evasion persistence

Malware Config

Signatures

Disables RegEdit via registry modification 1 IoCs

evasion

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3385717845-2518323428-350143044-1000\Software\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1"	ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe

Disables Task Manager via registry modification
evasion

Executes dropped EXE 1 IoCs

pid	Process
1180	svchost.exe

Loads dropped DLL 6 IoCs

pid	Process
1648	ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe
1648	ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe
1180	svchost.exe
1180	svchost.exe
1180	svchost.exe
1180	svchost.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\AutoRun = "C:\\Windows\\SysWOW64\\import\\svchost"	svchost.exe

Drops file in System32 directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\import\svchost.exe	ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe
File opened for modification	C:\Windows\SysWOW64\mswinsck.ocx	ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe
File opened for modification	C:\Windows\SysWOW64\import\svchost.exe	svchost.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\1\ = "132497"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR\	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ = "DMSWinsockControlEvents"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ = "IMSWinsockControl"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Version	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\Version = "1.0"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1\ = "Microsoft WinSock Control, version 6.0 (SP6)"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ProgID\ = "MSWinsock.Winsock.1"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories\{0DE86A52-2BAA-11CF-A229-00AA003D7352}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\ = "Winsock General Property Page Object"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ = "IMSWinsockControl"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CurVer	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\ = "Microsoft Winsock Control 6.0 (SP6)"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\ = "{248DD890-BB45-11CF-9ABC-0080C7E7B78D}"	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CLSID\ = "{248DD896-BB45-11CF-9ABC-0080C7E7B78D}"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\ = "0"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\HELPDIR	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\Version = "1.0"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ = "DMSWinsockControlEvents"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Version\ = "1.0"	svchost.exe
Key deleted	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\FLAGS	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ = "Microsoft WinSock Control, version 6.0 (SP6)"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories\{0DE86A57-2BAA-11CF-A229-00AA003D7352}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD897-BB45-11CF-9ABC-0080C7E7B78D}\InprocServer32	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0\win32\ = "C:\\Windows\\SysWow64\\mswinsck.ocx"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock\CLSID	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\MiscStatus\1	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\MSWinsock.Winsock.1	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\VersionIndependentProgID\ = "MSWinsock.Winsock"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\Implemented Categories\{40FC6ED5-2438-11CF-A3DB-080036F12502}	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ToolboxBitmap32	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{248DD896-BB45-11CF-9ABC-0080C7E7B78D}\ToolboxBitmap32\ = "C:\\Windows\\SysWow64\\mswinsck.ocx, 1"	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{248DD890-BB45-11CF-9ABC-0080C7E7B78D}\1.0\0	svchost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{248DD892-BB45-11CF-9ABC-0080C7E7B78D}\ProxyStubClsid32	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{248DD893-BB45-11CF-9ABC-0080C7E7B78D}\TypeLib\Version = "1.0"	svchost.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1648	ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe
1180	svchost.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1648 wrote to memory of 1180	1648	ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe	28
PID 1648 wrote to memory of 1180	1648	ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe	28
PID 1648 wrote to memory of 1180	1648	ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe	28
PID 1648 wrote to memory of 1180	1648	ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe	28

C:\Users\Admin\AppData\Local\Temp\ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe
"C:\Users\Admin\AppData\Local\Temp\ce37495c4cfc1b32c0f87445252d969e449e90528dc1f25b16f0f6380d2b4c14.exe"
1⤵
- Disables RegEdit via registry modification
- Loads dropped DLL
- Drops file in System32 directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1648
- C:\Windows\SysWOW64\import\svchost.exe
  "C:\Windows\System32\import\svchost.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Drops file in System32 directory
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:1180

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\import\svchost.exe

Filesize
56KB

MD5
dab537ad047b772b5e321868d9a73463

SHA1
a4172c7219f39ab000928d2f10e54a63686a6eec

SHA256
d7121fa6d97e1399e5aef87cdbebaa0db2425cc46dfcfa3dd9491622acf72b6d

SHA512
108dbbe231de0cfb0ae632d614b56f4d49b7b1a4ef4486b10622313632c6b9f2ac650bb3dbeeca36e37514edc3e4775eec20c9b7df2ce1f726e7b6b08b8a481b

Download Submit
C:\Windows\SysWOW64\import\svchost.exe

Filesize
56KB

MD5
dab537ad047b772b5e321868d9a73463

SHA1
a4172c7219f39ab000928d2f10e54a63686a6eec

SHA256
d7121fa6d97e1399e5aef87cdbebaa0db2425cc46dfcfa3dd9491622acf72b6d

SHA512
108dbbe231de0cfb0ae632d614b56f4d49b7b1a4ef4486b10622313632c6b9f2ac650bb3dbeeca36e37514edc3e4775eec20c9b7df2ce1f726e7b6b08b8a481b

Download Submit
C:\Windows\SysWOW64\mswinsck.ocx

Filesize
121KB

MD5
e8a2190a9e8ee5e5d2e0b599bbf9dda6

SHA1
4e97bf9519c83835da9db309e61ec87ddf165167

SHA256
80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311

SHA512
57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee

Download Submit
\Windows\SysWOW64\import\svchost.exe

Filesize
56KB

MD5
dab537ad047b772b5e321868d9a73463

SHA1
a4172c7219f39ab000928d2f10e54a63686a6eec

SHA256
d7121fa6d97e1399e5aef87cdbebaa0db2425cc46dfcfa3dd9491622acf72b6d

SHA512
108dbbe231de0cfb0ae632d614b56f4d49b7b1a4ef4486b10622313632c6b9f2ac650bb3dbeeca36e37514edc3e4775eec20c9b7df2ce1f726e7b6b08b8a481b

Download Submit
\Windows\SysWOW64\import\svchost.exe

Filesize
56KB

MD5
dab537ad047b772b5e321868d9a73463

SHA1
a4172c7219f39ab000928d2f10e54a63686a6eec

SHA256
d7121fa6d97e1399e5aef87cdbebaa0db2425cc46dfcfa3dd9491622acf72b6d

SHA512
108dbbe231de0cfb0ae632d614b56f4d49b7b1a4ef4486b10622313632c6b9f2ac650bb3dbeeca36e37514edc3e4775eec20c9b7df2ce1f726e7b6b08b8a481b

Download Submit
\Windows\SysWOW64\mswinsck.ocx

Filesize
121KB

MD5
e8a2190a9e8ee5e5d2e0b599bbf9dda6

SHA1
4e97bf9519c83835da9db309e61ec87ddf165167

SHA256
80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311

SHA512
57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee

Download Submit
\Windows\SysWOW64\mswinsck.ocx

Filesize
121KB

MD5
e8a2190a9e8ee5e5d2e0b599bbf9dda6

SHA1
4e97bf9519c83835da9db309e61ec87ddf165167

SHA256
80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311

SHA512
57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee

Download Submit
\Windows\SysWOW64\mswinsck.ocx

Filesize
121KB

MD5
e8a2190a9e8ee5e5d2e0b599bbf9dda6

SHA1
4e97bf9519c83835da9db309e61ec87ddf165167

SHA256
80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311

SHA512
57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee

Download Submit
\Windows\SysWOW64\mswinsck.ocx

Filesize
121KB

MD5
e8a2190a9e8ee5e5d2e0b599bbf9dda6

SHA1
4e97bf9519c83835da9db309e61ec87ddf165167

SHA256
80ab0b86de58a657956b2a293bd9957f78e37e7383c86d6cd142208c153b6311

SHA512
57f8473eedaf7e8aad3b5bcbb16d373fd6aaec290c3230033fc50b5ec220e93520b8915c936e758bb19107429a49965516425350e012f8db0de6d4f6226b42ee

Download Submit
memory/1648-56-0x00000000757B1000-0x00000000757B3000-memory.dmp

Filesize
8KB

Download