64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6

Analysis

max time kernel
150s
max time network
153s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
06/05/2023, 22:16

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe
Size

727KB
MD5

c6314b5cd040daf5231ac25bfecbcec9
SHA1

6486de20c175b294e2e3d56fb9d95080018755cf
SHA256

64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6
SHA512

5726da80ac576e464fd3b3fe6192bdeeeb888c6ea9f0638a8b53ca69884652b24bf0dd436ca531fa5654925cec62f0e83155faf10805550323749c17d1b70497
SSDEEP

12288:ky90w7ew7KwqaAOESmhtvK8kL9ySEcEkjAKBV80w+oQVGf0J2zQhY:kyvew2wqaJHGK/L9s3kjAKrw100EG

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	58370288.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	58370288.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	58370288.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	58370288.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	58370288.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	58370288.exe

Executes dropped EXE 3 IoCs

pid	Process
1952	un786062.exe
2008	58370288.exe
1692	rk097984.exe

Loads dropped DLL 8 IoCs

pid	Process
1852	64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe
1952	un786062.exe
1952	un786062.exe
1952	un786062.exe
2008	58370288.exe
1952	un786062.exe
1952	un786062.exe
1692	rk097984.exe

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Features	58370288.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	58370288.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un786062.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un786062.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2008	58370288.exe
2008	58370288.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2008	58370288.exe
Token: SeDebugPrivilege	1692	rk097984.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1852 wrote to memory of 1952	1852	64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe	26
PID 1852 wrote to memory of 1952	1852	64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe	26
PID 1852 wrote to memory of 1952	1852	64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe	26
PID 1852 wrote to memory of 1952	1852	64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe	26
PID 1852 wrote to memory of 1952	1852	64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe	26
PID 1852 wrote to memory of 1952	1852	64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe	26
PID 1852 wrote to memory of 1952	1852	64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe	26
PID 1952 wrote to memory of 2008	1952	un786062.exe	27
PID 1952 wrote to memory of 2008	1952	un786062.exe	27
PID 1952 wrote to memory of 2008	1952	un786062.exe	27
PID 1952 wrote to memory of 2008	1952	un786062.exe	27
PID 1952 wrote to memory of 2008	1952	un786062.exe	27
PID 1952 wrote to memory of 2008	1952	un786062.exe	27
PID 1952 wrote to memory of 2008	1952	un786062.exe	27
PID 1952 wrote to memory of 1692	1952	un786062.exe	28
PID 1952 wrote to memory of 1692	1952	un786062.exe	28
PID 1952 wrote to memory of 1692	1952	un786062.exe	28
PID 1952 wrote to memory of 1692	1952	un786062.exe	28
PID 1952 wrote to memory of 1692	1952	un786062.exe	28
PID 1952 wrote to memory of 1692	1952	un786062.exe	28
PID 1952 wrote to memory of 1692	1952	un786062.exe	28

C:\Users\Admin\AppData\Local\Temp\64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe
"C:\Users\Admin\AppData\Local\Temp\64a6567004369813944dfda8b564ddbe7f89208be4456aaae4e7176bb7f9d2e6.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1852
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un786062.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un786062.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1952
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\58370288.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\58370288.exe
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk097984.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk097984.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1692

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un786062.exe

Filesize
573KB

MD5
d1a4ad2b241cdaecc41f832ca6e42c58

SHA1
0f6e5ab5e25bd92584841ff8f2dd4656fcddbeee

SHA256
0a5df4aea4a8448fc874a9c6c5f4baf7f7af0fa3aa0373a604bd9ca9a4eab99e

SHA512
04a0168940aed4dea9e1230a1f5480a253663da4f42c8559f72647f3fca7a7a6583487d2cb1bc1718079af3a075a9df838a43334d903e03ebb509a417a9a3bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un786062.exe

Filesize
573KB

MD5
d1a4ad2b241cdaecc41f832ca6e42c58

SHA1
0f6e5ab5e25bd92584841ff8f2dd4656fcddbeee

SHA256
0a5df4aea4a8448fc874a9c6c5f4baf7f7af0fa3aa0373a604bd9ca9a4eab99e

SHA512
04a0168940aed4dea9e1230a1f5480a253663da4f42c8559f72647f3fca7a7a6583487d2cb1bc1718079af3a075a9df838a43334d903e03ebb509a417a9a3bf6

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\58370288.exe

Filesize
332KB

MD5
9f19824690606be1143c47e3770329ef

SHA1
20a4520e14af0e9cb4d91cde9c5302f3b3da9feb

SHA256
72c939cd0ed9ed5f43a9e5653a31d7255e53d28051c33ddabf5085aa9f038242

SHA512
1b6ca7234d2c7163203ad27e8696f08d3a2db4df0c68d7b065e57821e03e8f4914f66d92cc7a1c4ed72415b7c1f76e358c4dc82c3b62da2c2d57fbb6a01593ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\58370288.exe

Filesize
332KB

MD5
9f19824690606be1143c47e3770329ef

SHA1
20a4520e14af0e9cb4d91cde9c5302f3b3da9feb

SHA256
72c939cd0ed9ed5f43a9e5653a31d7255e53d28051c33ddabf5085aa9f038242

SHA512
1b6ca7234d2c7163203ad27e8696f08d3a2db4df0c68d7b065e57821e03e8f4914f66d92cc7a1c4ed72415b7c1f76e358c4dc82c3b62da2c2d57fbb6a01593ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\58370288.exe

Filesize
332KB

MD5
9f19824690606be1143c47e3770329ef

SHA1
20a4520e14af0e9cb4d91cde9c5302f3b3da9feb

SHA256
72c939cd0ed9ed5f43a9e5653a31d7255e53d28051c33ddabf5085aa9f038242

SHA512
1b6ca7234d2c7163203ad27e8696f08d3a2db4df0c68d7b065e57821e03e8f4914f66d92cc7a1c4ed72415b7c1f76e358c4dc82c3b62da2c2d57fbb6a01593ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk097984.exe

Filesize
415KB

MD5
e8b1be8f157bafbd98b443a2dd6c96a8

SHA1
046c91dec381b6ac7398a93769e00c65f7785ba3

SHA256
5852e58613e352e2d55cad24654252fe0e2152148438faa9e6aab0d90d281970

SHA512
b7da13a5b828d8f7f1afdb409b5c1cd8cc16a176aed48afe795a80dc79613a4f09fa0f6fa43b0fcb7e440803b7f6679775a6517f630e20c768512756c45e6927

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk097984.exe

Filesize
415KB

MD5
e8b1be8f157bafbd98b443a2dd6c96a8

SHA1
046c91dec381b6ac7398a93769e00c65f7785ba3

SHA256
5852e58613e352e2d55cad24654252fe0e2152148438faa9e6aab0d90d281970

SHA512
b7da13a5b828d8f7f1afdb409b5c1cd8cc16a176aed48afe795a80dc79613a4f09fa0f6fa43b0fcb7e440803b7f6679775a6517f630e20c768512756c45e6927

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk097984.exe

Filesize
415KB

MD5
e8b1be8f157bafbd98b443a2dd6c96a8

SHA1
046c91dec381b6ac7398a93769e00c65f7785ba3

SHA256
5852e58613e352e2d55cad24654252fe0e2152148438faa9e6aab0d90d281970

SHA512
b7da13a5b828d8f7f1afdb409b5c1cd8cc16a176aed48afe795a80dc79613a4f09fa0f6fa43b0fcb7e440803b7f6679775a6517f630e20c768512756c45e6927

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\un786062.exe

Filesize
573KB

MD5
d1a4ad2b241cdaecc41f832ca6e42c58

SHA1
0f6e5ab5e25bd92584841ff8f2dd4656fcddbeee

SHA256
0a5df4aea4a8448fc874a9c6c5f4baf7f7af0fa3aa0373a604bd9ca9a4eab99e

SHA512
04a0168940aed4dea9e1230a1f5480a253663da4f42c8559f72647f3fca7a7a6583487d2cb1bc1718079af3a075a9df838a43334d903e03ebb509a417a9a3bf6

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\un786062.exe

Filesize
573KB

MD5
d1a4ad2b241cdaecc41f832ca6e42c58

SHA1
0f6e5ab5e25bd92584841ff8f2dd4656fcddbeee

SHA256
0a5df4aea4a8448fc874a9c6c5f4baf7f7af0fa3aa0373a604bd9ca9a4eab99e

SHA512
04a0168940aed4dea9e1230a1f5480a253663da4f42c8559f72647f3fca7a7a6583487d2cb1bc1718079af3a075a9df838a43334d903e03ebb509a417a9a3bf6

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\58370288.exe

Filesize
332KB

MD5
9f19824690606be1143c47e3770329ef

SHA1
20a4520e14af0e9cb4d91cde9c5302f3b3da9feb

SHA256
72c939cd0ed9ed5f43a9e5653a31d7255e53d28051c33ddabf5085aa9f038242

SHA512
1b6ca7234d2c7163203ad27e8696f08d3a2db4df0c68d7b065e57821e03e8f4914f66d92cc7a1c4ed72415b7c1f76e358c4dc82c3b62da2c2d57fbb6a01593ac

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\58370288.exe

Filesize
332KB

MD5
9f19824690606be1143c47e3770329ef

SHA1
20a4520e14af0e9cb4d91cde9c5302f3b3da9feb

SHA256
72c939cd0ed9ed5f43a9e5653a31d7255e53d28051c33ddabf5085aa9f038242

SHA512
1b6ca7234d2c7163203ad27e8696f08d3a2db4df0c68d7b065e57821e03e8f4914f66d92cc7a1c4ed72415b7c1f76e358c4dc82c3b62da2c2d57fbb6a01593ac

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\58370288.exe

Filesize
332KB

MD5
9f19824690606be1143c47e3770329ef

SHA1
20a4520e14af0e9cb4d91cde9c5302f3b3da9feb

SHA256
72c939cd0ed9ed5f43a9e5653a31d7255e53d28051c33ddabf5085aa9f038242

SHA512
1b6ca7234d2c7163203ad27e8696f08d3a2db4df0c68d7b065e57821e03e8f4914f66d92cc7a1c4ed72415b7c1f76e358c4dc82c3b62da2c2d57fbb6a01593ac

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk097984.exe

Filesize
415KB

MD5
e8b1be8f157bafbd98b443a2dd6c96a8

SHA1
046c91dec381b6ac7398a93769e00c65f7785ba3

SHA256
5852e58613e352e2d55cad24654252fe0e2152148438faa9e6aab0d90d281970

SHA512
b7da13a5b828d8f7f1afdb409b5c1cd8cc16a176aed48afe795a80dc79613a4f09fa0f6fa43b0fcb7e440803b7f6679775a6517f630e20c768512756c45e6927

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk097984.exe

Filesize
415KB

MD5
e8b1be8f157bafbd98b443a2dd6c96a8

SHA1
046c91dec381b6ac7398a93769e00c65f7785ba3

SHA256
5852e58613e352e2d55cad24654252fe0e2152148438faa9e6aab0d90d281970

SHA512
b7da13a5b828d8f7f1afdb409b5c1cd8cc16a176aed48afe795a80dc79613a4f09fa0f6fa43b0fcb7e440803b7f6679775a6517f630e20c768512756c45e6927

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk097984.exe

Filesize
415KB

MD5
e8b1be8f157bafbd98b443a2dd6c96a8

SHA1
046c91dec381b6ac7398a93769e00c65f7785ba3

SHA256
5852e58613e352e2d55cad24654252fe0e2152148438faa9e6aab0d90d281970

SHA512
b7da13a5b828d8f7f1afdb409b5c1cd8cc16a176aed48afe795a80dc79613a4f09fa0f6fa43b0fcb7e440803b7f6679775a6517f630e20c768512756c45e6927

Download Submit
memory/1692-140-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-150-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-926-0x0000000004A50000-0x0000000004A90000-memory.dmp

Filesize
256KB

Download
memory/1692-924-0x0000000004A50000-0x0000000004A90000-memory.dmp

Filesize
256KB

Download
memory/1692-923-0x0000000004A50000-0x0000000004A90000-memory.dmp

Filesize
256KB

Download
memory/1692-922-0x0000000004A50000-0x0000000004A90000-memory.dmp

Filesize
256KB

Download
memory/1692-920-0x0000000004A50000-0x0000000004A90000-memory.dmp

Filesize
256KB

Download
memory/1692-385-0x0000000004A50000-0x0000000004A90000-memory.dmp

Filesize
256KB

Download
memory/1692-383-0x0000000004A50000-0x0000000004A90000-memory.dmp

Filesize
256KB

Download
memory/1692-381-0x0000000000260000-0x00000000002A6000-memory.dmp

Filesize
280KB

Download
memory/1692-158-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-156-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-154-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-152-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-148-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-146-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-144-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-142-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-138-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-136-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-134-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-132-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-123-0x0000000002470000-0x00000000024AC000-memory.dmp

Filesize
240KB

Download
memory/1692-124-0x0000000004990000-0x00000000049CA000-memory.dmp

Filesize
232KB

Download
memory/1692-125-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-126-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-128-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/1692-130-0x0000000004990000-0x00000000049C5000-memory.dmp

Filesize
212KB

Download
memory/2008-108-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-110-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-81-0x0000000004C90000-0x0000000004CD0000-memory.dmp

Filesize
256KB

Download
memory/2008-82-0x0000000000530000-0x0000000000548000-memory.dmp

Filesize
96KB

Download
memory/2008-78-0x00000000004F0000-0x000000000050A000-memory.dmp

Filesize
104KB

Download
memory/2008-83-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-84-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-112-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2008-111-0x0000000000400000-0x0000000000466000-memory.dmp

Filesize
408KB

Download
memory/2008-96-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-80-0x0000000004C90000-0x0000000004CD0000-memory.dmp

Filesize
256KB

Download
memory/2008-79-0x00000000002A0000-0x00000000002CD000-memory.dmp

Filesize
180KB

Download
memory/2008-86-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-100-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-102-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-104-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-106-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-98-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-94-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-90-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-92-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download
memory/2008-88-0x0000000000530000-0x0000000000543000-memory.dmp

Filesize
76KB

Download