3ad8f84317864374f712239160d20dfdbe7344258a52c4cd2f6e2c1d021882a3

Analysis

max time kernel
119s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
24-12-2023 14:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

00efe2753a566b642d4a60fc1ba9287f.exe
Size

96KB
MD5

00efe2753a566b642d4a60fc1ba9287f
SHA1

cbe78e2c2cff98ceb418eafd7a18b65291e3d5e2
SHA256

3ad8f84317864374f712239160d20dfdbe7344258a52c4cd2f6e2c1d021882a3
SHA512

06012f1444ffc9bc45462915a99aa4c01323e01a0944ac052a7d6863c876fb7ddbeae67db20f663fa9953df53498b729fb36d9d22022b58a8c05a2ce94c9aa55
SSDEEP

1536:aRlLjoTApUl4NcE+aJu0AfSEnE3RDKbOccyF4VemCvR:aTLJ6l4Nb+4ASFRDKbRJF4VbQ

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
2808	Sfndnv.exe
1996	Sfndnv.exe

Loads dropped DLL 3 IoCs

pid	Process
2300	00efe2753a566b642d4a60fc1ba9287f.exe
2300	00efe2753a566b642d4a60fc1ba9287f.exe
2808	Sfndnv.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Windows\CurrentVersion\Run\Sfndnv = "C:\\Users\\Admin\\AppData\\Roaming\\Sfndnv.exe"	00efe2753a566b642d4a60fc1ba9287f.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 760 set thread context of 2300	760	00efe2753a566b642d4a60fc1ba9287f.exe	28
PID 2808 set thread context of 1996	2808	Sfndnv.exe	30

Modifies Internet Explorer settings 1 TTPs 26 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{EA74C851-A277-11EE-9B21-FA7D6BB1EAA3} = "0"	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2300	00efe2753a566b642d4a60fc1ba9287f.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1996	Sfndnv.exe
Token: SeDebugPrivilege	1416	IEXPLORE.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1212	IEXPLORE.EXE

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1212	IEXPLORE.EXE
1212	IEXPLORE.EXE
1416	IEXPLORE.EXE
1416	IEXPLORE.EXE
1416	IEXPLORE.EXE
1416	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 38 IoCs

description	pid	Process	procid_target
PID 760 wrote to memory of 2300	760	00efe2753a566b642d4a60fc1ba9287f.exe	28
PID 760 wrote to memory of 2300	760	00efe2753a566b642d4a60fc1ba9287f.exe	28
PID 760 wrote to memory of 2300	760	00efe2753a566b642d4a60fc1ba9287f.exe	28
PID 760 wrote to memory of 2300	760	00efe2753a566b642d4a60fc1ba9287f.exe	28
PID 760 wrote to memory of 2300	760	00efe2753a566b642d4a60fc1ba9287f.exe	28
PID 760 wrote to memory of 2300	760	00efe2753a566b642d4a60fc1ba9287f.exe	28
PID 760 wrote to memory of 2300	760	00efe2753a566b642d4a60fc1ba9287f.exe	28
PID 760 wrote to memory of 2300	760	00efe2753a566b642d4a60fc1ba9287f.exe	28
PID 760 wrote to memory of 2300	760	00efe2753a566b642d4a60fc1ba9287f.exe	28
PID 760 wrote to memory of 2300	760	00efe2753a566b642d4a60fc1ba9287f.exe	28
PID 2300 wrote to memory of 2808	2300	00efe2753a566b642d4a60fc1ba9287f.exe	29
PID 2300 wrote to memory of 2808	2300	00efe2753a566b642d4a60fc1ba9287f.exe	29
PID 2300 wrote to memory of 2808	2300	00efe2753a566b642d4a60fc1ba9287f.exe	29
PID 2300 wrote to memory of 2808	2300	00efe2753a566b642d4a60fc1ba9287f.exe	29
PID 2808 wrote to memory of 1996	2808	Sfndnv.exe	30
PID 2808 wrote to memory of 1996	2808	Sfndnv.exe	30
PID 2808 wrote to memory of 1996	2808	Sfndnv.exe	30
PID 2808 wrote to memory of 1996	2808	Sfndnv.exe	30
PID 2808 wrote to memory of 1996	2808	Sfndnv.exe	30
PID 2808 wrote to memory of 1996	2808	Sfndnv.exe	30
PID 2808 wrote to memory of 1996	2808	Sfndnv.exe	30
PID 2808 wrote to memory of 1996	2808	Sfndnv.exe	30
PID 2808 wrote to memory of 1996	2808	Sfndnv.exe	30
PID 2808 wrote to memory of 1996	2808	Sfndnv.exe	30
PID 1996 wrote to memory of 344	1996	Sfndnv.exe	31
PID 1996 wrote to memory of 344	1996	Sfndnv.exe	31
PID 1996 wrote to memory of 344	1996	Sfndnv.exe	31
PID 1996 wrote to memory of 344	1996	Sfndnv.exe	31
PID 344 wrote to memory of 1212	344	iexplore.exe	32
PID 344 wrote to memory of 1212	344	iexplore.exe	32
PID 344 wrote to memory of 1212	344	iexplore.exe	32
PID 344 wrote to memory of 1212	344	iexplore.exe	32
PID 1212 wrote to memory of 1416	1212	IEXPLORE.EXE	34
PID 1212 wrote to memory of 1416	1212	IEXPLORE.EXE	34
PID 1212 wrote to memory of 1416	1212	IEXPLORE.EXE	34
PID 1212 wrote to memory of 1416	1212	IEXPLORE.EXE	34
PID 1996 wrote to memory of 1416	1996	Sfndnv.exe	34
PID 1996 wrote to memory of 1416	1996	Sfndnv.exe	34

C:\Users\Admin\AppData\Local\Temp\00efe2753a566b642d4a60fc1ba9287f.exe
"C:\Users\Admin\AppData\Local\Temp\00efe2753a566b642d4a60fc1ba9287f.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:760
- C:\Users\Admin\AppData\Local\Temp\00efe2753a566b642d4a60fc1ba9287f.exe
  䌢尺獕牥屳摁業屮灁䑰瑡屡潌慣屬敔灭ぜ攰敦㜲㌵㕡㘶㙢㈴㑤㙡昰ㅣ慢㈹㜸⹦硥≥
  2⤵
  - Loads dropped DLL
  - Adds Run key to start application
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2300
- - C:\Users\Admin\AppData\Roaming\Sfndnv.exe
    "C:\Users\Admin\AppData\Roaming\Sfndnv.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:2808
  - - C:\Users\Admin\AppData\Roaming\Sfndnv.exe
      䌢尺獕牥屳摁業屮灁䑰瑡屡潒浡湩屧晓摮癮攮數"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of WriteProcessMemory
      PID:1996
    - - C:\Program Files (x86)\Internet Explorer\iexplore.exe
        
        "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
        5⤵
        Suspicious use of WriteProcessMemory
        
        PID:344
      - C:\Program Files\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
        6⤵
        Modifies Internet Explorer settings
        Suspicious use of FindShellTrayWindow
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1212
        
        C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1212 CREDAT:275457 /prefetch:2
        7⤵
        Modifies Internet Explorer settings
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1416

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8c7a47f790ed3a100732757ffadf28a9

SHA1
a116a3c517ff6e9ad83eebab1160d28255ce851a

SHA256
7ac00e9dbf51d44e673dd9c5b22e734f416f7389496189c63efd0097c60173fa

SHA512
6dbd0d9b0d4f8eacedb8ee89e1ea3ba81c3ac1545c0ec5dd7eb1dc92db59593c721c36cdaa8a50ede25bdff9c3a5441e7dac9433ad436235e30e8c4eb3556602

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3dcb63773d662df87716e8e1adb82438

SHA1
f0b23414a613575ed624ed59ffa891fecd49db19

SHA256
89cd5dd2f9bca89f2b07c0a9e77350e4515cae1808cb19c0a6849c80fe1533da

SHA512
c949d268cf36c0820acd4f1f5ad9a95898f4bc003bab10237ae55181313b7f72f6772d049c862bfa41fda335c89d5707b8292da985a4b244495f2b07d1662096

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
90586f68fcb2dd5beeed1c0c0c23d04d

SHA1
24adbb0b2914471011cb33b447ad1a729ccac3b5

SHA256
2c81ed6641f03eade3817ab1541d1e203c6eafe83b23ed1e558120e2946f93de

SHA512
5b111aa1dce96852baa89da96934cbb6ed0ae330b6138d1934ce79ced74e35dd6fbeee38ed95c1c783b968ea3b8cffd5c666f842e83c7b89fcd89c756bc7d353

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
6148cca20936a6dfe75ed733acb0eab8

SHA1
0c7806ce83b9aa4728be7f18811ff7b54e7f792f

SHA256
313755e062c95a9f7d6f9a82692ed55c764d87f46b140530e92ca65f3e46f216

SHA512
2f417ff7ee5d3e7c7aa015b9d31bb08888b906dd58ad08dc5a21e53e8cc6fe92329a3ae07e56eecd336b902844ce07824c9ee4c789918891060caed55e56f1bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86d7841c61646072d373c6a0448916ca

SHA1
8ab86f8e838f72c253be8e2848e27ca6ecde9e36

SHA256
01a4d49e7ac8a3f37afcb5a288c57205109c719e8e6a7168e2984574e7ec5443

SHA512
30af41d716ad220b2b7a4a0c5af44123119d8e9ee18c96e6866a2a69fb1e0589ebb2ab31f96899bfed618c179c8157ac89f84abf201e90031567252a4a158d51

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
18051fa11fdba21b3afb1621d319e0e0

SHA1
e866f6b74dc03a9c16227287f05c69534f821c9c

SHA256
0b50aea1749c11bdc5018de5d2744bf480c9ea02ab919ab0c41446af70175ffc

SHA512
868f3e193aeb3d017eed6c6cedfa06466198cce4993891569913e0c8d2909f76f094f30bf8984666844b8b9e6df5e5862ac9ed5deb177aa833fc7270b4d37318

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
88b6d43aa541744f0daaa3f2cf6ba691

SHA1
7929375ce632937c53d81ad9edce425d18d884be

SHA256
f6da3ddaa0dfb725f91dbe3c8fdfde8164cfc4d294e0b903c06a8bb44447a27c

SHA512
c337a781b38f8d4bf15c85569643a3990e21fefd62eb26f175ad652fec645b82dbb785e3b59de3f92d8bc73d395fc9e6ef7b3e72b968f0ba460ff3ed97a813db

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e4c62c3991e54d1dfadfa8af8d2087e5

SHA1
e7663218d68e76e5743a7ea18246bfe1b5a01d95

SHA256
b9735dbccc26ef99a47c89dd3bacabea60a455e219d27e42fb0ee32cc544d745

SHA512
1ff8e3a3138a3aaf4aebef73e1eee50a9cca2bab917bdffc786d70f97d637c5d053ef41abcd1c5d408b174e8befb48ac39ddca9b78a4baef86c675f944b3300a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
abaf482d66e7cb00189e46a1b9f5fb6c

SHA1
7533d7663d1e9fd44e7ff5922170751fad057312

SHA256
f8e177e70f2e6d964730023d28d41ab3892fb71d96df8584b196c41187f96444

SHA512
9468c235f9ec3f2b7093ed61abeb35a1a32c69dd8e4fb4a009cdcfd04751f99c64404edbce40eae38b0005e6114d07b9f420372a94a32c0b76be6dec5ffb9ca7

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabD701.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarD7A0.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Roaming\Sfndnv.exe

Filesize
96KB

MD5
00efe2753a566b642d4a60fc1ba9287f

SHA1
cbe78e2c2cff98ceb418eafd7a18b65291e3d5e2

SHA256
3ad8f84317864374f712239160d20dfdbe7344258a52c4cd2f6e2c1d021882a3

SHA512
06012f1444ffc9bc45462915a99aa4c01323e01a0944ac052a7d6863c876fb7ddbeae67db20f663fa9953df53498b729fb36d9d22022b58a8c05a2ce94c9aa55

Download Submit
memory/760-0-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/760-16-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/760-2-0x00000000001B0000-0x00000000001DA000-memory.dmp

Filesize
168KB

Download
memory/1996-87-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/1996-88-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2300-12-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2300-8-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2300-27-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2300-29-0x0000000000230000-0x000000000025A000-memory.dmp

Filesize
168KB

Download
memory/2300-1-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2300-30-0x0000000000230000-0x000000000025A000-memory.dmp

Filesize
168KB

Download
memory/2300-18-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2300-17-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2300-14-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2300-10-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2300-4-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2300-6-0x0000000000400000-0x0000000000429000-memory.dmp

Filesize
164KB

Download
memory/2808-64-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download
memory/2808-31-0x0000000000400000-0x000000000042A000-memory.dmp

Filesize
168KB

Download