58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd

Analysis

max time kernel
148s
max time network
155s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
06/05/2023, 22:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe
Size

690KB
MD5

908240e5c1665b139a9ba380eeb205e8
SHA1

4ec7851f7871c726f409a425d22f24eb6ccbdc20
SHA256

58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd
SHA512

272a54ffde13d4571367db760ce8fdcd52fe086a5b8ef7c1fe5c1bc2b0d6eed68693639f389defa63e2272766a94e7de98fe229e49e6ae745a7ab66466eaf7b1
SSDEEP

12288:Cy90h1fU9R9ukIEmbP7qWfkfRkTD1izY3rJeUGZniNRmuqFQfaZBWBURqL:CyQJUzIX5bDqWfGRSDEoFN8HZMBURW

Score

10^/10

evasion persistence trojan

Malware Config

Signatures

Modifies Windows Defender Real-time Protection settings 3 TTPs 6 IoCs

evasion trojan

Modify Registry

T1112

Modify Existing Service

T1031

Disabling Security Tools

T1089

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableOnAccessProtection = "1"	31927504.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableRealtimeMonitoring = "1"	31927504.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableScanOnRealtimeEnable = "1"	31927504.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection	31927504.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableBehaviorMonitoring = "1"	31927504.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection\DisableIOAVProtection = "1"	31927504.exe

Executes dropped EXE 3 IoCs

pid	Process
1556	un913261.exe
1100	31927504.exe
2000	rk719507.exe

Loads dropped DLL 8 IoCs

pid	Process
1724	58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe
1556	un913261.exe
1556	un913261.exe
1556	un913261.exe
1100	31927504.exe
1556	un913261.exe
1556	un913261.exe
2000	rk719507.exe

Windows security modification 2 TTPs 2 IoCs

evasion trojan

Disabling Security Tools

T1089

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Features	31927504.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows Defender\Features\TamperProtection = "0"	31927504.exe

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	un913261.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup1 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP001.TMP\\\""	un913261.exe
Key created	\REGISTRY\MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce	58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\wextract_cleanup0 = "rundll32.exe C:\\Windows\\system32\\advpack.dll,DelNodeRunDLL32 \"C:\\Users\\Admin\\AppData\\Local\\Temp\\IXP000.TMP\\\""	58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
1100	31927504.exe
1100	31927504.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1100	31927504.exe
Token: SeDebugPrivilege	2000	rk719507.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 1724 wrote to memory of 1556	1724	58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe	28
PID 1724 wrote to memory of 1556	1724	58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe	28
PID 1724 wrote to memory of 1556	1724	58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe	28
PID 1724 wrote to memory of 1556	1724	58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe	28
PID 1724 wrote to memory of 1556	1724	58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe	28
PID 1724 wrote to memory of 1556	1724	58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe	28
PID 1724 wrote to memory of 1556	1724	58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe	28
PID 1556 wrote to memory of 1100	1556	un913261.exe	29
PID 1556 wrote to memory of 1100	1556	un913261.exe	29
PID 1556 wrote to memory of 1100	1556	un913261.exe	29
PID 1556 wrote to memory of 1100	1556	un913261.exe	29
PID 1556 wrote to memory of 1100	1556	un913261.exe	29
PID 1556 wrote to memory of 1100	1556	un913261.exe	29
PID 1556 wrote to memory of 1100	1556	un913261.exe	29
PID 1556 wrote to memory of 2000	1556	un913261.exe	30
PID 1556 wrote to memory of 2000	1556	un913261.exe	30
PID 1556 wrote to memory of 2000	1556	un913261.exe	30
PID 1556 wrote to memory of 2000	1556	un913261.exe	30
PID 1556 wrote to memory of 2000	1556	un913261.exe	30
PID 1556 wrote to memory of 2000	1556	un913261.exe	30
PID 1556 wrote to memory of 2000	1556	un913261.exe	30

C:\Users\Admin\AppData\Local\Temp\58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe
"C:\Users\Admin\AppData\Local\Temp\58a2d140a8e6fe3267893fa6ab13c6967dd7e30fc50108bad765da97ec108bcd.exe"
1⤵
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1724
- C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un913261.exe
  C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un913261.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious use of WriteProcessMemory
  PID:1556
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe
    3⤵
    - Modifies Windows Defender Real-time Protection settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Windows security modification
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1100
- - C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe
    C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2000

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Modify Existing Service

T1031

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Disabling Security Tools

T1089

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un913261.exe

Filesize
536KB

MD5
3906b429d3c0933f8be8b2c56152a81e

SHA1
09d2617326ecd5b62015a632f922218b021ed6e5

SHA256
7f1c2ccda53779ced5358a1df7f238d380f316494309859e3c27217dc43d93dd

SHA512
51d862514885ac5c0c4ab2dd383a2c962713a9be35ddb2448fcb467321819823ed3faca8684a3d4e2d481f395b27bc4ac0e89be681c4500917cc1ec77e9d7dc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\un913261.exe

Filesize
536KB

MD5
3906b429d3c0933f8be8b2c56152a81e

SHA1
09d2617326ecd5b62015a632f922218b021ed6e5

SHA256
7f1c2ccda53779ced5358a1df7f238d380f316494309859e3c27217dc43d93dd

SHA512
51d862514885ac5c0c4ab2dd383a2c962713a9be35ddb2448fcb467321819823ed3faca8684a3d4e2d481f395b27bc4ac0e89be681c4500917cc1ec77e9d7dc8

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe

Filesize
258KB

MD5
4f93893025a58e0ade79a4b5fc7f3be1

SHA1
9babd72b01dcf710db9f30588f9fe1b913245489

SHA256
30111bcde81aabb52af4da519bf95c2a0b85c1ee30d3cc8c47545d1f1144826c

SHA512
1668193d9e4aeb9c5bbeb8548c3af9483fa5be65c53a7183a9929582df3c2c917a52cbc8e7f81e02548a433558d0dd6415474d06ea07bc78f8072f6aa00a6fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe

Filesize
258KB

MD5
4f93893025a58e0ade79a4b5fc7f3be1

SHA1
9babd72b01dcf710db9f30588f9fe1b913245489

SHA256
30111bcde81aabb52af4da519bf95c2a0b85c1ee30d3cc8c47545d1f1144826c

SHA512
1668193d9e4aeb9c5bbeb8548c3af9483fa5be65c53a7183a9929582df3c2c917a52cbc8e7f81e02548a433558d0dd6415474d06ea07bc78f8072f6aa00a6fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe

Filesize
258KB

MD5
4f93893025a58e0ade79a4b5fc7f3be1

SHA1
9babd72b01dcf710db9f30588f9fe1b913245489

SHA256
30111bcde81aabb52af4da519bf95c2a0b85c1ee30d3cc8c47545d1f1144826c

SHA512
1668193d9e4aeb9c5bbeb8548c3af9483fa5be65c53a7183a9929582df3c2c917a52cbc8e7f81e02548a433558d0dd6415474d06ea07bc78f8072f6aa00a6fb0

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe

Filesize
341KB

MD5
229c1a35505e694da5bd343f98da5d2b

SHA1
6fa3e782c752063fc4dfe524a787a9e8cb5fd408

SHA256
64e540a43f308368cd1ab12ab91928bcf2afdd8928dec2d32263d3385df2a4ec

SHA512
dda7521d3d82ea5e634c822820b3a6ea58046bc6e7dba803243591c6e7c05b6daecee0addf5548041512affee5480dc0f13e02de1aee2e1e77bd54c7a5a9c612

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe

Filesize
341KB

MD5
229c1a35505e694da5bd343f98da5d2b

SHA1
6fa3e782c752063fc4dfe524a787a9e8cb5fd408

SHA256
64e540a43f308368cd1ab12ab91928bcf2afdd8928dec2d32263d3385df2a4ec

SHA512
dda7521d3d82ea5e634c822820b3a6ea58046bc6e7dba803243591c6e7c05b6daecee0addf5548041512affee5480dc0f13e02de1aee2e1e77bd54c7a5a9c612

Download Submit
C:\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe

Filesize
341KB

MD5
229c1a35505e694da5bd343f98da5d2b

SHA1
6fa3e782c752063fc4dfe524a787a9e8cb5fd408

SHA256
64e540a43f308368cd1ab12ab91928bcf2afdd8928dec2d32263d3385df2a4ec

SHA512
dda7521d3d82ea5e634c822820b3a6ea58046bc6e7dba803243591c6e7c05b6daecee0addf5548041512affee5480dc0f13e02de1aee2e1e77bd54c7a5a9c612

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\un913261.exe

Filesize
536KB

MD5
3906b429d3c0933f8be8b2c56152a81e

SHA1
09d2617326ecd5b62015a632f922218b021ed6e5

SHA256
7f1c2ccda53779ced5358a1df7f238d380f316494309859e3c27217dc43d93dd

SHA512
51d862514885ac5c0c4ab2dd383a2c962713a9be35ddb2448fcb467321819823ed3faca8684a3d4e2d481f395b27bc4ac0e89be681c4500917cc1ec77e9d7dc8

Download Submit
\Users\Admin\AppData\Local\Temp\IXP000.TMP\un913261.exe

Filesize
536KB

MD5
3906b429d3c0933f8be8b2c56152a81e

SHA1
09d2617326ecd5b62015a632f922218b021ed6e5

SHA256
7f1c2ccda53779ced5358a1df7f238d380f316494309859e3c27217dc43d93dd

SHA512
51d862514885ac5c0c4ab2dd383a2c962713a9be35ddb2448fcb467321819823ed3faca8684a3d4e2d481f395b27bc4ac0e89be681c4500917cc1ec77e9d7dc8

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe

Filesize
258KB

MD5
4f93893025a58e0ade79a4b5fc7f3be1

SHA1
9babd72b01dcf710db9f30588f9fe1b913245489

SHA256
30111bcde81aabb52af4da519bf95c2a0b85c1ee30d3cc8c47545d1f1144826c

SHA512
1668193d9e4aeb9c5bbeb8548c3af9483fa5be65c53a7183a9929582df3c2c917a52cbc8e7f81e02548a433558d0dd6415474d06ea07bc78f8072f6aa00a6fb0

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe

Filesize
258KB

MD5
4f93893025a58e0ade79a4b5fc7f3be1

SHA1
9babd72b01dcf710db9f30588f9fe1b913245489

SHA256
30111bcde81aabb52af4da519bf95c2a0b85c1ee30d3cc8c47545d1f1144826c

SHA512
1668193d9e4aeb9c5bbeb8548c3af9483fa5be65c53a7183a9929582df3c2c917a52cbc8e7f81e02548a433558d0dd6415474d06ea07bc78f8072f6aa00a6fb0

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\31927504.exe

Filesize
258KB

MD5
4f93893025a58e0ade79a4b5fc7f3be1

SHA1
9babd72b01dcf710db9f30588f9fe1b913245489

SHA256
30111bcde81aabb52af4da519bf95c2a0b85c1ee30d3cc8c47545d1f1144826c

SHA512
1668193d9e4aeb9c5bbeb8548c3af9483fa5be65c53a7183a9929582df3c2c917a52cbc8e7f81e02548a433558d0dd6415474d06ea07bc78f8072f6aa00a6fb0

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe

Filesize
341KB

MD5
229c1a35505e694da5bd343f98da5d2b

SHA1
6fa3e782c752063fc4dfe524a787a9e8cb5fd408

SHA256
64e540a43f308368cd1ab12ab91928bcf2afdd8928dec2d32263d3385df2a4ec

SHA512
dda7521d3d82ea5e634c822820b3a6ea58046bc6e7dba803243591c6e7c05b6daecee0addf5548041512affee5480dc0f13e02de1aee2e1e77bd54c7a5a9c612

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe

Filesize
341KB

MD5
229c1a35505e694da5bd343f98da5d2b

SHA1
6fa3e782c752063fc4dfe524a787a9e8cb5fd408

SHA256
64e540a43f308368cd1ab12ab91928bcf2afdd8928dec2d32263d3385df2a4ec

SHA512
dda7521d3d82ea5e634c822820b3a6ea58046bc6e7dba803243591c6e7c05b6daecee0addf5548041512affee5480dc0f13e02de1aee2e1e77bd54c7a5a9c612

Download Submit
\Users\Admin\AppData\Local\Temp\IXP001.TMP\rk719507.exe

Filesize
341KB

MD5
229c1a35505e694da5bd343f98da5d2b

SHA1
6fa3e782c752063fc4dfe524a787a9e8cb5fd408

SHA256
64e540a43f308368cd1ab12ab91928bcf2afdd8928dec2d32263d3385df2a4ec

SHA512
dda7521d3d82ea5e634c822820b3a6ea58046bc6e7dba803243591c6e7c05b6daecee0addf5548041512affee5480dc0f13e02de1aee2e1e77bd54c7a5a9c612

Download Submit
memory/1100-112-0x0000000004A60000-0x0000000004AA0000-memory.dmp

Filesize
256KB

Download
memory/1100-89-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-91-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-93-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-95-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-97-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-99-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-101-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-103-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-105-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-107-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-109-0x0000000004A60000-0x0000000004AA0000-memory.dmp

Filesize
256KB

Download
memory/1100-110-0x0000000004A60000-0x0000000004AA0000-memory.dmp

Filesize
256KB

Download
memory/1100-108-0x00000000002B0000-0x00000000002DD000-memory.dmp

Filesize
180KB

Download
memory/1100-111-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1100-87-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-117-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1100-85-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-83-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-81-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-80-0x00000000021A0000-0x00000000021B3000-memory.dmp

Filesize
76KB

Download
memory/1100-79-0x00000000021A0000-0x00000000021B8000-memory.dmp

Filesize
96KB

Download
memory/1100-78-0x00000000004C0000-0x00000000004DA000-memory.dmp

Filesize
104KB

Download
memory/2000-130-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-151-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-128-0x00000000021F0000-0x000000000222C000-memory.dmp

Filesize
240KB

Download
memory/2000-131-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-133-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-135-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-137-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-139-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-141-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-143-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-145-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-147-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-149-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-129-0x0000000002270000-0x00000000022AA000-memory.dmp

Filesize
232KB

Download
memory/2000-153-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-155-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-157-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-159-0x0000000002270000-0x00000000022A5000-memory.dmp

Filesize
212KB

Download
memory/2000-319-0x0000000000300000-0x0000000000346000-memory.dmp

Filesize
280KB

Download
memory/2000-321-0x0000000002230000-0x0000000002270000-memory.dmp

Filesize
256KB

Download
memory/2000-323-0x0000000002230000-0x0000000002270000-memory.dmp

Filesize
256KB

Download
memory/2000-325-0x0000000002230000-0x0000000002270000-memory.dmp

Filesize
256KB

Download
memory/2000-927-0x0000000002230000-0x0000000002270000-memory.dmp

Filesize
256KB

Download
memory/2000-928-0x0000000002230000-0x0000000002270000-memory.dmp

Filesize
256KB

Download
memory/2000-929-0x0000000002230000-0x0000000002270000-memory.dmp

Filesize
256KB

Download
memory/2000-932-0x0000000002230000-0x0000000002270000-memory.dmp

Filesize
256KB

Download
memory/2000-935-0x0000000002230000-0x0000000002270000-memory.dmp

Filesize
256KB

Download