Overview

overview

8

Static

static

3

Install.exe

windows7-x64

1

Install.exe

windows10-2004-x64

1

Setup_00.exe

windows7-x64

8

Setup_00.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    120s
  • max time network
    145s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 23:20

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup_00.exe

  • Size

    1.2MB

  • MD5

    d59834b63e2b500a74130c07bb801ce6

  • SHA1

    2bb98af8a9f643d4ba1ec1b7166b197526e3c30a

  • SHA256

    c3c52be4316da1412f125ed5551a282ca977fb2764ad15074ec3bf91803e8678

  • SHA512

    89011e6bffb19121b2751b8cfe777bed8f5e898dcadf764f38d4726eebbbc5889874a7ee5c58ccbb77f268566807626845b815e71b7d7be0fa5d43b06e491ae4

  • SSDEEP

    24576:bPkPHxZN84YhACUpsjQ9XaqK/FSCwhSQoQWD7zBNDujvbOHMm:b6ODhAmWK/vXDPfHMm

Score
8/10
persistenceupx

Malware Config

Signatures

  • Modifies Installed Components in the registry 2 TTPs 1 IoCs
    persistence
  • Executes dropped EXE 5 IoCs
  • UPX packed file 5 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 2 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • AutoIT Executable 4 IoCs

    AutoIT scripts compiled to PE executables.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 22 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 38 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 30 IoCs
  • Suspicious use of FindShellTrayWindow 57 IoCs
  • Suspicious use of SendNotifyMessage 26 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 20 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup_00.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup_00.exe"
    1⤵
    • Adds Run key to start application
    • Suspicious use of WriteProcessMemory
    PID:2160
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eToro_MusicOasisInstaller.exe
      C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eToro_MusicOasisInstaller.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2128
      • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Forextrading.exe
        Forextrading.exe
        3⤵
          PID:4028
        • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vd.exe
          vd.exe
          3⤵
          • Executes dropped EXE
          • Suspicious use of WriteProcessMemory
          PID:1636
    • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\appsetup.exe
      "appsetup.exe"
      1⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4936
    • C:\Users\Admin\AppData\Local\Temp\eToroSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\eToroSetup.exe"
      1⤵
      • Executes dropped EXE
      PID:780
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 780 -s 1732
        2⤵
        • Program crash
        PID:4252
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1864
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1864 CREDAT:17410 /prefetch:2
        2⤵
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2292
    • C:\Program Files (x86)\Internet Explorer\ielowutil.exe
      "C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
      1⤵
        PID:5008
      • C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
        "C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1208
      • C:\Windows\Explorer.Exe
        "C:\Windows\Explorer.Exe"
        1⤵
        • Modifies Installed Components in the registry
        • Enumerates connected drives
        • Checks SCSI registry key(s)
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:4000
      • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
        "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
        1⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1684
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 780 -ip 780
        1⤵
          PID:2972
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Executes dropped EXE
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:4028
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:4740
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:4768
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
          • Modifies registry class
          • Suspicious use of SetWindowsHookEx
          PID:2484
        • C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
          "C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe" -ServerName:CortanaUI.AppX8z9r6jm96hw4bsbneegw0kyxx296wr9t.mca
          1⤵
            PID:5408

          Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\verC767.tmp
                  Filesize

                  15KB

                  MD5

                  1a545d0052b581fbb2ab4c52133846bc

                  SHA1

                  62f3266a9b9925cd6d98658b92adec673cbe3dd3

                  SHA256

                  557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

                  SHA512

                  bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

                  Download Submit

                • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\PZ64U2GI\suggestions[1].en-US
                  Filesize

                  17KB

                  MD5

                  5a34cb996293fde2cb7a4ac89587393a

                  SHA1

                  3c96c993500690d1a77873cd62bc639b3a10653f

                  SHA256

                  c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                  SHA512

                  e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                  Download Submit

                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Office_SETLANG_EXE_15
                  Filesize

                  36KB

                  MD5

                  0e2a09c8b94747fa78ec836b5711c0c0

                  SHA1

                  92495421ad887f27f53784c470884802797025ad

                  SHA256

                  0c1cdbbf6d974764aad46477863059eaec7b1717a7d26b025f0f8fe24338bb36

                  SHA512

                  61530a33a6109467962ba51371821ea55bb36cd2abc0e7a15f270abf62340e9166e66a1b10f4de9a306b368820802c4adb9653b9a5acd6f1e825e60128fd2409

                  Download Submit

                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\AppIconCache\100\Microsoft_Windows_Explorer
                  Filesize

                  36KB

                  MD5

                  ab0262f72142aab53d5402e6d0cb5d24

                  SHA1

                  eaf95bb31ae1d4c0010f50e789bdc8b8e3116116

                  SHA256

                  20a108577209b2499cfdba77645477dd0d9771a77d42a53c6315156761efcfbb

                  SHA512

                  bf9580f3e5d1102cf758503e18a2cf98c799c4a252eedf9344f7c5626da3a1cf141353f01601a3b549234cc3f2978ad31f928068395b56f9f0885c07dbe81da1

                  Download Submit

                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133480360372168813.txt
                  Filesize

                  42KB

                  MD5

                  dae8ac8e9f8601711475d3b922cfbc2e

                  SHA1

                  c3cb9738b4e8e132817b4580586a8c873aa6b28b

                  SHA256

                  247a3481007bae110191c0abe9bba7731198cc7bfc0949dc665d5b12458e4613

                  SHA512

                  ac7ac71048777f189e0ef595873194e78ef42c88b88eb774a78a87db7183beb9f2b170ee759487e675106b692bd20ee95ae21566d8a1f8954a43c377b626784f

                  Download Submit

                • C:\Users\Admin\AppData\Local\Packages\Microsoft.Windows.Search_cw5n1h2txyewy\LocalState\DeviceSearchCache\AppCache133480360441345573.txt
                  Filesize

                  74KB

                  MD5

                  c09e63e4b960a163934b3c29f3bd2cc9

                  SHA1

                  d3a43b35c14ae2e353a1a15c518ab2595f6a0399

                  SHA256

                  308deca5e1ef4d875fbe0aff3ce4b0b575b28e643dffda819d4390ec77faf157

                  SHA512

                  5ca3321034dff47e3afe0b0bdfaffc08782991660910a29375a8e0363794b78247282aba65dbd882ae225aa140ae63927dfd0946a441ee6fa64a1d8c146777b9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Packages\microsoft.windows.search_cw5n1h2txyewy\AC\Microsoft\Internet Explorer\DOMStore\UA6WZR2N\microsoft.windows[1].xml
                  Filesize

                  96B

                  MD5

                  b97f6e2cc1520a2e8426851cb68f3b0f

                  SHA1

                  33a930fe90facb202ec3cd87ca0275af9dd20155

                  SHA256

                  a3546f0c8e475abc90346821be3c3d67f522161ea876c3d14247ba6d79a2b5aa

                  SHA512

                  9b3771942ffce17a52d4c0598bd0d4bb8f196c8731e5b129524b3d9507d411895e4c43d84479f06e5fb28c3403d6b0ec63b97f3a3cdb598873d17fd637abd06a

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Forextrading.exe
                  Filesize

                  88KB

                  MD5

                  598f9afd28efe3a5a18c78a446f0de2a

                  SHA1

                  4deee6b34503405ad3ebd397c016a9d3feb87548

                  SHA256

                  393c880dce25c5d586b31e6b97e07421e0923f2865199be8e762eedf260cd048

                  SHA512

                  7c6764b70b44fad8a44b21a8c604123e767fa07097ecf5b3b02f29c230a32956abd0009b49c737a62aabffcb36f06e492b3e60e31abccee6384069cc4feb9dd0

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\Forextrading.exe
                  Filesize

                  66KB

                  MD5

                  046d484a9daaa71c115497a20b6f7710

                  SHA1

                  6a57864a95d49e713aa8079fef3d3b63f56404f0

                  SHA256

                  4ec7624efa9f4c34648cd07b160dca0ac38719082f4f235b224b0496ec278d28

                  SHA512

                  fe502265c9f03733a0c9a1345aa653b711c7d3e1ee3e4577108c21a7d32cf43d6e5bd69511b3c036dfdf7d342480d972a5890fc2e21146aa41eb0655905eabf9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\appsetup.exe
                  Filesize

                  64KB

                  MD5

                  953b746b3f8ce65741184f8426eaa6c8

                  SHA1

                  80e3dbc5c052560ba640b6c3948b0e0108126097

                  SHA256

                  2a3b34923ef6c28010e7698fc766c6f78df6710436b3c64fcce56ee14d698242

                  SHA512

                  fdef73af2833ab97202e2ad53b739a76adbe0606da8afe47931319d495f6e5fc3b260cc8baa3918f1c98416db31a10d55a4d5188154080cb51d80ece98fa3a45

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\appsetup.exe
                  Filesize

                  48KB

                  MD5

                  7958ada374854f55e23755d649899255

                  SHA1

                  d22d13c5cab73853a072920d673eef3c334ca234

                  SHA256

                  4f28eec99c7c8cd616a9fb89b7f3a580991befe59e38c0b1b678f0c3820baf54

                  SHA512

                  4e449db1f22ecebda8aca9837da31cb2e81959d3c345aa2686942008cbb794bb6fe0ad149d9c053921bd58875cea6dd098dd67d57402af60f551cfbeb7285bf9

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eToro_MusicOasisInstaller.exe
                  Filesize

                  68KB

                  MD5

                  0384c2fd3da1561307ed90feb4a3354a

                  SHA1

                  6cf354ebd4072289e01671268e0af93de507a5f8

                  SHA256

                  dd14d9f791bdce9f088d62a2dc1af19479acd953a99980088c58b8ac80770d95

                  SHA512

                  cf8f83a74e949adadd1922cd8a9a77467a1b10603f23edbca30300177864357790026f22a8699a32b4373dc19919c039a1a13f769cc3e0c8b31186367705be02

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eToro_MusicOasisInstaller.exe
                  Filesize

                  78KB

                  MD5

                  a8b99d92d616bf1d6983e389e769c8ad

                  SHA1

                  f955af82ce4dba4f180255d2119f7efdb672c4c6

                  SHA256

                  53747ccf95149df2a34e77669ba75e71e60121d7006951408e0843dd6faa8b86

                  SHA512

                  72afa4fbb5f89814197fb2b632d61f3f4deb54b8ba421f31e8ad732f21bc5013ca193af36cdaf0f2e83e6b518e5ae956b6603bedd3126d409ff63cfa5756d0b7

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\eToro_MusicOasisInstaller.exe
                  Filesize

                  71KB

                  MD5

                  f3a3190d7adeac3483de17734f78f1bb

                  SHA1

                  b296c887532729c920fb8772877e1f135706a34e

                  SHA256

                  53bc2736e0198549901d6c93faa4b709ac6e2d517f7549c7195cb17011fa09ed

                  SHA512

                  3206a5f7aaec7300f3d128551e17bc3b5221c1146f2dd888e4b7a9f54089159d7b0b28a1134d4d1d412201439ab57fd51ab48734a3808834560bab9b247457c3

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\IXP000.TMP\vd.exe
                  Filesize

                  50KB

                  MD5

                  5e9015cf5ded25fa0e03f67d4d6e472e

                  SHA1

                  db44fdea94feae4a3df03d6ca966aeef86a9557e

                  SHA256

                  5ba4b4e98cc0f75e94c2f9e24ad0ce1be23c0d9ac0a022b90b96c8d304a4608a

                  SHA512

                  5e18f2948e984c61db186a16621c303338a10f733050b5362b5539c6b04a5e1e51a1f64553f2f7d00d40326e4e7a3b94d0f65a27a0561991c93490a026d4693b

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\aut46BD.tmp
                  Filesize

                  76KB

                  MD5

                  4f372dff70949fa331d5ae41fa2f0a8c

                  SHA1

                  87fa0451654e2187ee343074f7c2b909ad99f61a

                  SHA256

                  5f1de230e4d46dbcc2936b8f3fdcc2dd897ab56ae95e0de9e7975d1b72271861

                  SHA512

                  e4427b41ef3b25427ae624f7224f4761b604d71a587cbe595df3329c485802ab5fdce597428ba385206452bb60111e25386f9b787b7b76f49767c7a2c966b861

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\eToroSetup.exe
                  Filesize

                  72KB

                  MD5

                  5189c15387de17b627765ac3d8c9f34b

                  SHA1

                  e90de0b2158b02ef345b8bc3904a6eca1ee4a520

                  SHA256

                  a3d51693013624959c979dd4bcb6f7b84b0767294ac74463361eb47f39e125ac

                  SHA512

                  76138e0493f533f5654445a3999721935ad22613319f03b06146af609e987ba75839e663588878fcaa516e60915ff3677cdb1d8587655bcb287caff17f1a2ebd

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\eToroSetup.exe
                  Filesize

                  53KB

                  MD5

                  c71de96291d736f7e8bbdfba52faa0c9

                  SHA1

                  26da1aa80c9d1e75e3cddd21afb2ffc4029027fd

                  SHA256

                  a13d2847dab7c8d59563387f7ea09b3664abd43caf8ebb4d577a7e924f16037f

                  SHA512

                  3a6755325c8d72e902eaa60e70b2a230d25bde5873823c8429d00b3ddbd702e9edc3f452ba1121b0378bf74bfbd49a38f8353aa23b9bf3b6975a57a56412e689

                  Download Submit

                • C:\Users\Admin\AppData\Local\Temp\eToroSetup.exe
                  Filesize

                  53KB

                  MD5

                  a09b20387847019bdb827e2581a547dc

                  SHA1

                  57b21efb20ab2f9610a1cb115283ac1cb70c2b8a

                  SHA256

                  f7dd2c1bc7987fdb20f84c957cbd79b049a91719c345991642868ae93d256cda

                  SHA512

                  cdc9b7894f8a13c1f474ccaba67c2fd1223d49cb4b872efed0ffbdc2a36411279d4a44d680a23caf013e44c0dc3699ef0df47577580e9471de680893cc3b1e9e

                  Download Submit

                • memory/1684-56-0x0000017D95A80000-0x0000017D95AA0000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/1684-54-0x0000017D95AC0000-0x0000017D95AE0000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/1684-60-0x0000017D95E90000-0x0000017D95EB0000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/2484-172-0x000001BA18960000-0x000001BA18980000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/2484-170-0x000001BA18550000-0x000001BA18570000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/2484-167-0x000001BA18590000-0x000001BA185B0000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4000-47-0x0000000002980000-0x0000000002981000-memory.dmp

                  Filesize

                  4KB

                  Download

                • memory/4028-90-0x00000204C3F80000-0x00000204C3FA0000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4028-94-0x00000204C4350000-0x00000204C4370000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4028-92-0x00000204C3F40000-0x00000204C3F60000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4740-112-0x00000170F1A50000-0x00000170F1A70000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4740-110-0x00000170F1640000-0x00000170F1660000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4740-108-0x00000170F1680000-0x00000170F16A0000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4768-149-0x0000022D090C0000-0x0000022D090E0000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4768-147-0x0000022D08CB0000-0x0000022D08CD0000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4768-145-0x0000022D08CF0000-0x0000022D08D10000-memory.dmp

                  Filesize

                  128KB

                  Download

                • memory/4936-122-0x0000000000400000-0x00000000004A2000-memory.dmp

                  Filesize

                  648KB

                  Download

                • memory/4936-33-0x0000000000400000-0x00000000004A2000-memory.dmp

                  Filesize

                  648KB

                  Download