Overview

overview

8

Static

static

1

URLScan

urlscan

1

https://tal-software...

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    123s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230220-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12/03/2023, 05:51

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://tal-software.com/products/tal-reverb-4

Score
8/10

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Loads dropped DLL 1 IoCs
  • Enumerates connected drives 3 TTPs 48 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 8 IoCs
  • Checks SCSI registry key(s) 3 TTPs 5 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs
  • Modifies Internet Explorer settings 1 TTPs 64 IoCs
    adwarespyware
  • Modifies registry class 2 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://tal-software.com/products/tal-reverb-4
    1⤵
    • Modifies Internet Explorer Phishing Filter
    • Modifies Internet Explorer settings
    • Modifies registry class
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2788
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2788 CREDAT:17410 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1008
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:3640
    • C:\Windows\System32\msiexec.exe
      "C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\AppData\Local\Temp\Temp1_install_tal-reverb-4.zip\installer_aax_64.msi"
      1⤵
      • Blocklisted process makes network request
      • Enumerates connected drives
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:2624
    • C:\Windows\system32\msiexec.exe
      C:\Windows\system32\msiexec.exe /V
      1⤵
      • Enumerates connected drives
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4352
      • C:\Windows\syswow64\MsiExec.exe
        C:\Windows\syswow64\MsiExec.exe -Embedding B63062EF98BEC8D2A35270FCA65AF272 C
        2⤵
        • Loads dropped DLL
        PID:5104
      • C:\Windows\system32\srtasks.exe
        C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
        2⤵
          PID:4740
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Checks SCSI registry key(s)
        PID:4548
      • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
        "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_install_tal-reverb-4.zip\TAL Software Install instructions.docx" /o ""
        1⤵
        • Suspicious behavior: AddClipboardFormatListener
        • Suspicious use of SetWindowsHookEx
        PID:4296

      Network

            MITRE ATT&CK Enterprise v6

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Config.Msi\e57ef33.rbs
              Filesize

              8KB

              MD5

              6185c6edc7e67804d2019ac24409706b

              SHA1

              e9fb2722d1576c67df6d80fcbf5b643d79e9f3a6

              SHA256

              d64515bb5f7f5203242688d9afd8b03afed73256abfdd2ef1cf7bc14a4ea8822

              SHA512

              6133be37df9b6709b6be545dc87662715c38cb06bddce6d9fa8064f54c389a99a85f87e9c14d339060145de219c0d36e999ce5e8e7f2ec50c70ae7dac2977970

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB
              Filesize

              765B

              MD5

              9fff0468cdbc93f4efccf7e304006f61

              SHA1

              58b8c9167408b153cc54f6ed4d8f1f6cde794938

              SHA256

              65574aad18182d6c75216d1fcb45bf5ca8baa95038b60309a6fd5651c86fecff

              SHA512

              32af1a7dde2d8bfe72075c124697da1e809e84e6411e737513e7055c945afa4cdc5bab7289f56c6a6548ffac3e2224b0756181c7235de4084c4d8bc868d3b2f1

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
              Filesize

              471B

              MD5

              98810c398fb29400ccdfae671f6499b2

              SHA1

              2619ab71f6cf34191b0c32e501f19d5c604cbd1a

              SHA256

              f0f3f28dcd6ecd079578e6b35c064dc2cfcafa91cbba3d2ebf78cfa09d305d8e

              SHA512

              2401355cb419297cba87172d3540514f42f7162e316f648c2eafbe90d42fe49717c5a0b786de3b38ae5ae5c08dc6c0f8b46d5d25729ee7c4454ff224881d1ce8

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\AEACCDA8653DD8D7B2EA32F21D15D44F_277F8E492B8AAAA0365B69A7D9690381
              Filesize

              638B

              MD5

              dd7eb018dc05a38330f1c8050c01b64a

              SHA1

              6d82a87121ecd91fd2c306d2d9111a52b4d858d3

              SHA256

              dd27e855a587ae504c423f1a330ea512d03d347b95e8b6962498f3c2b71b6d57

              SHA512

              85e48c0073d21892d28fb1f95c65c862086345f5f430eb03ed4cf0cdd193f82731742f03a11f19ddbe213f6a5d1c5d084c08fe6dc999867113f98fbfbe342b7e

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
              Filesize

              1KB

              MD5

              a080f020cade47ccb36ac24db1830623

              SHA1

              8b2ac0fe31f3f518a533030d8b3da6bcf34ff04f

              SHA256

              b1c512c38c4a64c83e3eede94c91391ba5767006b1547615d2a25e67561522ce

              SHA512

              5674a19923003b3f86c1e4caf0fa1daee8dab45d0fe29665058a9faa20fef1bed6379ea757633490d6a796c9a8de4b230eb6cfc611061f66c2bed364a8228d08

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\18E6B4A57A6BC7EC9B861CDF2D6D0D02_C3B142D2C5374581DC2FDFFDEDBDEDDB
              Filesize

              484B

              MD5

              f285505ccf11cddc56ddd2956aa2aeee

              SHA1

              043533dafe2e3c30510dc7e2431713f11800d0a4

              SHA256

              5f486adc5b3487b0c3609df7da3437afe1b705db8e36ba1a8d7287d3a22aac6b

              SHA512

              357ff3f7c74bd36cec8e84d16fbd4d69a190530c5aab5f5c69050e80da7c0a5aed6233c72763b03bc1a7a5ed47ade92f9fde5324530be46dc01469b1987906f7

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
              Filesize

              404B

              MD5

              badac90de5acb4367bcfc1bc4b663d6c

              SHA1

              9a1665184507730fbc481b96cdd66ae5d50d7674

              SHA256

              8eaf18ab7156171ab808510e35f49ed5f0e540664c7e31bf665bc7b867f5764f

              SHA512

              ccaa0c5f2595197818ddcab81f6d4e6d660ea50b88472d80e34fe2e17295caaedeac5785b3828c55f965a6fa1101618e9cb445de55f2c00e987d151b8d2f17c4

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\AEACCDA8653DD8D7B2EA32F21D15D44F_277F8E492B8AAAA0365B69A7D9690381
              Filesize

              484B

              MD5

              7d6d21cafbce9ce2c102cd685b0ff32b

              SHA1

              4c34d402d7721cc59a7930d2be7657c05c1dd981

              SHA256

              a7f7ce2d0a85b1a67771d72b1c50dddead6a40ab09313f685b74664929139918

              SHA512

              bb108584bb800a809b7fa6e608755167b65e93b8af98f2540e0082c4ec2faa2420c585f6164b3ea001db1185113ef35b5f49605ec6ee6ad439031e64171b0289

              Download Submit

            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_93702E680A5530C052C8D2BA33A2225F
              Filesize

              482B

              MD5

              88a4e4e97628511b17d70373e61f646e

              SHA1

              5074dd0bb0fd4b49f87ff886b81da759021e18ed

              SHA256

              cc27362d10f2ea5e06b31dea307aa97c033ce1d4fce9f53bc05fc1011f9aa970

              SHA512

              5628e823f6106a4d3267eb47dad76189fd562ccaeff1656d0e08524b08732803c8fc4c182bf22354c86223d00cb5e9a2be74f306c40ae37dc4e03f4093f73063

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JAJ4NCRP\www.youtube[1].xml
              Filesize

              13B

              MD5

              c1ddea3ef6bbef3e7060a1a9ad89e4c5

              SHA1

              35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

              SHA256

              b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

              SHA512

              6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JAJ4NCRP\www.youtube[1].xml
              Filesize

              5KB

              MD5

              b5e4952e7336511e8714064e6d00522f

              SHA1

              875fe26ede2e5bd3c6f91b47ec76bdfd3da8d4eb

              SHA256

              569fe6fdc36bf4c66acbf716eab4d37749cc4380f406b36fc5cd193fef5ff08b

              SHA512

              62fdc493dc404fffa8f20357e2d836c6a78a0f113db543b04d14d772f9251adfbcea4dc6375efbfb62acd7b47b5e9b7ee96c7703b6c138a1aa27b05fc50fc5a8

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JAJ4NCRP\www.youtube[1].xml
              Filesize

              985B

              MD5

              c812ffea1b2bb911a408d7e21e6162a0

              SHA1

              9f7ee80b407f07013927dd0f93b35a81a002a772

              SHA256

              3b0deb04f9f60bc6b8be59a1188d497766765719e5b8ac748d4a6f98c0f73c72

              SHA512

              96478fdf7360c505cf70086efc0a426e34b28928ffb6d6e8539c1c5adb04bf6ffb1b9e44507fc849abbbe741e28b0805739b423ff624b4e28663495bfca01b7f

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JAJ4NCRP\www.youtube[1].xml
              Filesize

              2KB

              MD5

              441df67bcc110f7f50d3c45b92257a2a

              SHA1

              6ca3165292ff3f8b7d87a52031dd7e2dd70b164f

              SHA256

              0af84620780ed8cabcdc4f52c007b338bf421efae796ae5b3d83ec74c360a274

              SHA512

              3e0008c77c8e8d3d28bc2599d70f36b31190c2e8e982ed35e885be4fff7fa2bf1286635556ee3ee1b3b5145372210ba08b38ef2775f11784a401741b04e301ab

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JAJ4NCRP\www.youtube[1].xml
              Filesize

              2KB

              MD5

              dcd1ab13eeefa1033da8996531f370c1

              SHA1

              6c76e9573057625c1742f7806ab34425405a6f90

              SHA256

              f073844cfc7a0603954fa613eba721b12ea145575382bbba598cac0638e0858b

              SHA512

              a74d62df0f5e772ae44fcaa8d43246a4313b3c689ebc3918cd5ebf8e13e855980aa3d422d031ada46ce5ab6f8cbc2c8c97192964911a32325d0f0f6259c7f8ab

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\JAJ4NCRP\www.youtube[1].xml
              Filesize

              2KB

              MD5

              fcdfeaad7998edaeb75254e8737c65dc

              SHA1

              89ee46a9dac7c40fa9f15ec25026b5750ec686e1

              SHA256

              e762cef1eea06e2ad6d4e1dadb6bec175540b973d75daf3227ae066b8279fc36

              SHA512

              8d7416530d54b576033e757b7906602e15f2cc41df604eb7e7711031d2c498ef7f5498bff87007c296a1bfe3449fe37aa02965a0b208a48d11148d6c051c1d28

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DomainSuggestions\en-US.1
              Filesize

              17KB

              MD5

              5a34cb996293fde2cb7a4ac89587393a

              SHA1

              3c96c993500690d1a77873cd62bc639b3a10653f

              SHA256

              c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

              SHA512

              e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verE302.tmp
              Filesize

              15KB

              MD5

              1a545d0052b581fbb2ab4c52133846bc

              SHA1

              62f3266a9b9925cd6d98658b92adec673cbe3dd3

              SHA256

              557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

              SHA512

              bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat
              Filesize

              16KB

              MD5

              b6601b7628193cb57699233e30b37063

              SHA1

              cd5e3953caf215f4f0d53db82058565d2498b3ff

              SHA256

              a52ae77fd29bc13db73fb2392ec1e5f126cdf8255330f50425bcc49cac28f9ec

              SHA512

              77ecb4bf091e027a32e98b2f7f99860c7f1003fd00aa7ba8f2eac5400d3d06219d3b4e9880ce48eeb3a55c71661c1d46b56a9f1374289308fa46ad0496aa4efd

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\favicon[1].ico
              Filesize

              16KB

              MD5

              c2bbcd8f132285a58c8c4a9e7178659d

              SHA1

              890a00aa4e8fecd73ec096fc5806a3fe94f1ab2b

              SHA256

              33146007f0d345c924cb77ee2b0471844a8fd9e430431f0344cc6a08e17c2062

              SHA512

              287731b89154f8e6591e0b627b1c40ed6f08b97b22c3d7b9df304847cb7018a565ee25bb37ac3a039bacfb69522f5ecf95df962b6de0f207d64eba971c3a35d4

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\favicon[1].ico
              Filesize

              16KB

              MD5

              c2bbcd8f132285a58c8c4a9e7178659d

              SHA1

              890a00aa4e8fecd73ec096fc5806a3fe94f1ab2b

              SHA256

              33146007f0d345c924cb77ee2b0471844a8fd9e430431f0344cc6a08e17c2062

              SHA512

              287731b89154f8e6591e0b627b1c40ed6f08b97b22c3d7b9df304847cb7018a565ee25bb37ac3a039bacfb69522f5ecf95df962b6de0f207d64eba971c3a35d4

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\install_tal-reverb-4[1].zip
              Filesize

              14.9MB

              MD5

              df04731de439263e90c51061bfafa77d

              SHA1

              68866f873556ad314c308538a547a67eaa15414d

              SHA256

              48a96bfa37f725e6dcdca216bc8ac7bedc5b62932e67b606056e5fbd294d0bd1

              SHA512

              f63ae66fddb780d30feb34a2bd9d92c31301e43af1d39189697cda38b4d1de2c7012eadbde32ab500d40075e7138d82c13ca8fb086b282351d1a32985889dbc9

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\MSI8107.tmp
              Filesize

              87KB

              MD5

              044d3a1361b7d9e30b975b6e1c6b41d1

              SHA1

              f1145ec58d8a59b63e998d926d7f7fde472dcb75

              SHA256

              4604bdec70bb6bb1f4dce4d26d1d583a5f006738f2d679b2aec0d39bd147c442

              SHA512

              ebcad89013d9667ffd16e585cb819370c2ab540c56672801a3f27518a9521e8fd91fc1fb25fd853022e311fd06c6ab48a7c20c28e5ae8ea6aae6e418277d7c80

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\MSI8107.tmp
              Filesize

              87KB

              MD5

              044d3a1361b7d9e30b975b6e1c6b41d1

              SHA1

              f1145ec58d8a59b63e998d926d7f7fde472dcb75

              SHA256

              4604bdec70bb6bb1f4dce4d26d1d583a5f006738f2d679b2aec0d39bd147c442

              SHA512

              ebcad89013d9667ffd16e585cb819370c2ab540c56672801a3f27518a9521e8fd91fc1fb25fd853022e311fd06c6ab48a7c20c28e5ae8ea6aae6e418277d7c80

              Download Submit

            • C:\Users\Admin\Downloads\install_tal-reverb-4.zip.08qs017.partial
              Filesize

              14.9MB

              MD5

              df04731de439263e90c51061bfafa77d

              SHA1

              68866f873556ad314c308538a547a67eaa15414d

              SHA256

              48a96bfa37f725e6dcdca216bc8ac7bedc5b62932e67b606056e5fbd294d0bd1

              SHA512

              f63ae66fddb780d30feb34a2bd9d92c31301e43af1d39189697cda38b4d1de2c7012eadbde32ab500d40075e7138d82c13ca8fb086b282351d1a32985889dbc9

              Download Submit

            • C:\Windows\Installer\e57ef32.msi
              Filesize

              2.8MB

              MD5

              35c6b47785dc85cb17dc2f72a928c315

              SHA1

              3fd01b6a5a5a8f5f862d87055fa620488cf82a2b

              SHA256

              b1e3f18f34671a2d2089c7b2ccdf12c6f419185c7dff711a77f3920c11a567c9

              SHA512

              729f3378742697dd43fd82acf546f16b0ded69c9d25eabe82cdbb57ac17b3be7ed3dc26722b2a884d076337607e05f423d769c8a813663c83bc911afa83301b8

              Download Submit

            • \??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
              Filesize

              23.0MB

              MD5

              dac825d56cfcb33e874a4140e2dc05eb

              SHA1

              e3a83e8feb7d0854fa7548893d12351dc27dcc8f

              SHA256

              8e2237f39e8f9b5b499bc49e29bd82e8ad30ecb8cac181b2d0dc04ddfd5df875

              SHA512

              15a927e3b62dcaab98cdd2d9c563f5a428896fdd60403b5aa9d0a4ac6aa3c4c6476d87ac11a60116b688a87ee211b4b6742e90e186d1812a75bfdca05ef79017

              Download Submit

            • \??\Volume{af0fc727-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{a4a3b41c-bcee-4fc8-bdd0-8a23600d69c2}_OnDiskSnapshotProp
              Filesize

              5KB

              MD5

              3f0794a2da04349cae6e32c8fba6976d

              SHA1

              503c16797b9039ac81dc6a8a461d2123aa509c20

              SHA256

              36ad5c60c72cb754c4a9f8e907dd41b61c83732fcbc3b3290de282eaad721baa

              SHA512

              a55f9447735aaa5e2b170a90104519278dd981477615c7eb3ffc1d50867feaf7efe3473ef981f83ccc3c81f6546357ea186baf87cc5f2aa78c4b7a80279abb56

              Download Submit

            • memory/4296-449-0x00007FFE81F90000-0x00007FFE81FA0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4296-451-0x00007FFE81F90000-0x00007FFE81FA0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4296-450-0x00007FFE81F90000-0x00007FFE81FA0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4296-452-0x00007FFE81F90000-0x00007FFE81FA0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4296-453-0x00007FFE81F90000-0x00007FFE81FA0000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4296-454-0x00007FFE7F730000-0x00007FFE7F740000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4296-455-0x00007FFE7F730000-0x00007FFE7F740000-memory.dmp

              Filesize

              64KB

              Download