Overview

overview

10

Static

static

5

0abebaa94a...f6.exe

windows7-x64

10

0abebaa94a...f6.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24/12/2023, 18:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0abebaa94a1f0f44fe74eea270fb3af6.exe

  • Size

    512KB

  • MD5

    0abebaa94a1f0f44fe74eea270fb3af6

  • SHA1

    8d150d66d2480f57c37e5096149f9409e8167e14

  • SHA256

    13abc0f9c9b5fec0dd81c566cfd062fd95ca63b9a751eaf0815adba689558d2e

  • SHA512

    4932f86c24f962aef5df4ac7dc703c4612f9b6260b9e78eabbc25664263c70da588b6d6337f64cb27dae48b872e6e7dc437c0b87dd9861c40fd184b152cd36f3

  • SSDEEP

    6144:1VY0W0sVVZ/dkq5BCoFaJ2i5Lf24C07N5OvSLTUF6pQxI6Upe2cBnTu19bcodj6A:1gDhdkq5BCoC5LfWSLTUQpr2Zu19Qm5b

Score
10/10
evasionpersistencespywarestealertrojan

Malware Config

Signatures

  • Modifies visibility of file extensions in Explorer 2 TTPs 1 IoCs
    evasion
  • Modifies visiblity of hidden/system files in Explorer 2 TTPs 1 IoCs
    evasion
  • Windows security bypass 2 TTPs 5 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Windows security modification 2 TTPs 6 IoCs
    evasiontrojan
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Enumerates connected drives 3 TTPs 64 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • AutoIT Executable 19 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 13 IoCs
  • Drops file in Program Files directory 14 IoCs
  • Drops file in Windows directory 19 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 20 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 18 IoCs
  • Suspicious use of SendNotifyMessage 18 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 17 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0abebaa94a1f0f44fe74eea270fb3af6.exe
    "C:\Users\Admin\AppData\Local\Temp\0abebaa94a1f0f44fe74eea270fb3af6.exe"
    1⤵
    • Checks computer location settings
    • Drops file in System32 directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:5004
    • C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
      "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Windows\mydoc.rtf" /o ""
      2⤵
      • Drops file in Windows directory
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious use of SetWindowsHookEx
      PID:4564
    • C:\Windows\SysWOW64\gmlzqydgmetny.exe
      gmlzqydgmetny.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:556
    • C:\Windows\SysWOW64\evwlooer.exe
      evwlooer.exe
      2⤵
      • Executes dropped EXE
      • Enumerates connected drives
      • Drops file in System32 directory
      • Drops file in Program Files directory
      • Drops file in Windows directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:3916
    • C:\Windows\SysWOW64\gdgjzzknqgxpmmp.exe
      gdgjzzknqgxpmmp.exe
      2⤵
      • Executes dropped EXE
      • Adds Run key to start application
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:4624
    • C:\Windows\SysWOW64\ceniraajpz.exe
      ceniraajpz.exe
      2⤵
      • Modifies visibility of file extensions in Explorer
      • Modifies visiblity of hidden/system files in Explorer
      • Windows security bypass
      • Disables RegEdit via registry modification
      • Executes dropped EXE
      • Windows security modification
      • Enumerates connected drives
      • Modifies WinLogon
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:5108
  • C:\Windows\SysWOW64\evwlooer.exe
    C:\Windows\system32\evwlooer.exe
    1⤵
    • Executes dropped EXE
    • Enumerates connected drives
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:368

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLN.DOC.exe
    Filesize

    57KB

    MD5

    807949dc892f2257a045323d6ca92d3a

    SHA1

    e15e8919bf16e60d336fa8ea5f1dd2bc495d69e4

    SHA256

    211dfcafb4d702fdbbbe16fb8b72fb04c352455bdecc5781dae74e2a52d5eadd

    SHA512

    93a9185f517066c16e87ebb5cff06eadf00879b98cf1c3bc9c4a1c365ed113b8f2040dfbf28ddbb2e814df0f614b53042a9ae138e388cd2abefa74d9af258da3

    Download Submit

  • C:\Program Files\Microsoft Office\root\Office16\1033\PROTTPLV.DOC.exe
    Filesize

    97KB

    MD5

    8f089972d9c306f0de280ae3ff8f02ee

    SHA1

    c3482f57ac303cf78a0bdfb1e4fd4505d2ac7d87

    SHA256

    8c2f042873d0226a685ad5e826b9db8d4efaa43b8815357e623ab8ffdfe29a5f

    SHA512

    d522fd713a86e058100a4bce162ce809fba89ebd3e412b46188b41063625736b20cb84c6fca849f1e99c721648de79b0231c31be333e0ee22bde9ef5845e7019

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.dat
    Filesize

    239B

    MD5

    12b138a5a40ffb88d1850866bf2959cd

    SHA1

    57001ba2de61329118440de3e9f8a81074cb28a2

    SHA256

    9def83813762ad0c5f6fdd68707d43b7ccd26633b2123254272180d76bc3faaf

    SHA512

    9f69865a791d09dec41df24d68ad2ab8292d1b5beeca8324ba02feba71a66f1ca4bb44954e760c0037c8db1ac00d71581cab4c77acbc3fb741940b17ccc444eb

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    3KB

    MD5

    6395bf8e1df36c4fe4d396b520c5db94

    SHA1

    e4de4beef2dc344b76b8f207287b5bc45550133e

    SHA256

    400c2be030211db932b94db3ea4aba291e70e38c8f2db742990c15ac5ce90934

    SHA512

    75eddaea676c50493d10bfca5d6f3184f209db2e9bcd3c2c4e4c40b43ad273f4ffe786a4d116a858a43255ac0e900ff609eec9d0bd56c599a6e5fd882e2a5207

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\fb3b0dbfee58fac8.customDestinations-ms
    Filesize

    3KB

    MD5

    9fe03410e32e8e32b04e123a12bc0af0

    SHA1

    531b6c7d245e7d7171fad25d29b08ed31f736154

    SHA256

    b774fe693b56759798b1b89bddef7dccdbe1beff7ca7162a7c2ead8c311fb459

    SHA512

    0c0e04f9aa7566a7e28ab339894a1447d8ea39ccfc6d54ba68986109ab5bd9f0f4b2c754239edec86ab9fea46c92bb466dcbf136185ad9df2fd79affffd46eb5

    Download Submit

  • C:\Users\Admin\Documents\InstallRepair.doc.exe
    Filesize

    19KB

    MD5

    dcbaaad5d502099df175beb73b35559b

    SHA1

    68a3282c8fd02bbd2ae9ae6d2a9b6601bd8dc8f7

    SHA256

    7eb988d023543e01c8cdd679ff92663efa1631e7e025723564a7241d6218d04f

    SHA512

    efe8167f6f25dd993c2086c79c92cdc64ef5d429550398a29bd1c97b378ebc91f8a63248d36048cf67f14cc590745628440bee1bcabed8a9c5662f30fd9afeeb

    Download Submit

  • C:\Users\Admin\Documents\MergeCompress.doc.exe
    Filesize

    11KB

    MD5

    320d06fdc1e0af4beda5702197223307

    SHA1

    0632ada48834cc2a2b7c7e0f6ae99d55b9fc0856

    SHA256

    d07aac8b0c68b1ca9f798ec180923686262c4f08d911feaa3d184d1a7b0484c9

    SHA512

    4c32368dcbfada781076d2b45a60c9b10f8b9d7eea9ea6be3ed8754db01f3ac625153cde0f059423fb60b939f786bd2433ba8a796cda5c88a8f681750c53b1c7

    Download Submit

  • C:\Windows\SysWOW64\ceniraajpz.exe
    Filesize

    254KB

    MD5

    9afe178da3402f614a600f1211dc96f6

    SHA1

    305ac96253b38dbd017094f09ba7f4e288b243b2

    SHA256

    5192e4a4efa0882f69cf1ff310df00e513d542eece9879d0dbb2ecac24b51bf0

    SHA512

    6386569830097962a734448c901cf1157b4bb7b9b4d46825045165f2ca769bc75f2b2ec12c4309e27504babc01bab4c3f784bf1e656eb8afd806d1da7679c3e4

    Download Submit

  • C:\Windows\SysWOW64\ceniraajpz.exe
    Filesize

    83KB

    MD5

    322641f8f82d44239ab09a98975aeba0

    SHA1

    55d5e7f4d9957cbeb3c5b7495ce209cffe4b6511

    SHA256

    33bfcb00c262ff8a804de06a2791762e18b7fa16fd105b45839213e245ff85b4

    SHA512

    59a761e874bb66fc4fa2f4ad92ad696ca27e5d0c2226a8f8fdedf0283450345d9297300c20ae20dba1accbea5e7faaac1503b28da4440097a39f521fee64d911

    Download Submit

  • C:\Windows\SysWOW64\evwlooer.exe
    Filesize

    180KB

    MD5

    2a9088750beab2edaa37da61e424dc27

    SHA1

    3b74e472ab6fbb0433b3380b4858b2ac4bbef4eb

    SHA256

    01597cc18ac55e4a95820e93fc53c2a7184a99b5f1c97ad0d72956112a59b499

    SHA512

    597541c18618df28c8a010cadd26c327c17a8c7596bd4632f35e32e034e0b7cbd0ca33393726b81fe1bd23bfaf54fb331508541778e882344bf4f1175edafba0

    Download Submit

  • C:\Windows\SysWOW64\evwlooer.exe
    Filesize

    328KB

    MD5

    80f4949da3a4d412190886578e06bd21

    SHA1

    67a12ff4e760da60f7ec6374253d95aeece59198

    SHA256

    d0b6eb50800c3ab519413cf7eac61df4b3ee2944be3d06435f8ca2ce1bc590d9

    SHA512

    f521f9e434521e76143afef9f9a76989f1a17e298f6e2795d061cfc887e2fb841c1f36ed5c4e888684109d09a40544715d356c6c39b1be278c0d994c707d5eec

    Download Submit

  • C:\Windows\SysWOW64\evwlooer.exe
    Filesize

    113KB

    MD5

    d61516032384660828dc2ac8bf4bc0ef

    SHA1

    c77bf022b7d77ed25a26f41da6203accb4847a0d

    SHA256

    1c45c55097275f00931188297e8b2d2e04cc056049529be3c9ba960f83a0bb66

    SHA512

    cbad5fe87ec5897ed84cca00425aec52b0d6a6f81e704383eca2177947684f860e8c447111902a148e76fdbf4369056573f9ad090017b1124747c486874af9cd

    Download Submit

  • C:\Windows\SysWOW64\gdgjzzknqgxpmmp.exe
    Filesize

    171KB

    MD5

    0565da3545ea6981d8369d2e1d4c9db2

    SHA1

    d5a3493b3bdcdf79a27106a2195fab44c32a3318

    SHA256

    438e177bfdfcee140077c3d70145f7a95d21d6e3731120c18c1c2dcfc7914c05

    SHA512

    aca0bfeebf942fa0f61b62cab7fcdfed1f66b9117bf759173f73958686b43f3fc79a2cc18d9098c72e1dc26164156e308e6bc765ffdd6d9d9bbfeeff1506bc4b

    Download Submit

  • C:\Windows\SysWOW64\gdgjzzknqgxpmmp.exe
    Filesize

    170KB

    MD5

    c70c054c5261e2297ee2068efeaaff73

    SHA1

    39f2c2711fbf81734fb0e1395126d390f242ed7a

    SHA256

    3470ec62cf26152c4bcf37f9396613142b897073eee5025f03ea851bee591ab4

    SHA512

    92481342b65deaccc8afda87d4966a0ffa7aa74a4a6cd391c2922534ba24f27116442a69433e062b84c432f3ff9efebd034054ef8977ad97e2cdf1cb2423dca2

    Download Submit

  • C:\Windows\SysWOW64\gdgjzzknqgxpmmp.exe
    Filesize

    179KB

    MD5

    510f5d6cdb9d1bd153ebe5372698bf87

    SHA1

    f325cda43ba2fb4069e0da94be7af3759c47a6ed

    SHA256

    049672938a05434229523915c138bf65e6aae087ebc1695091bd200b309fba06

    SHA512

    c853bb3a8d6329d2a1d0c9d357157584818c1288aae7c5ef193f53f5d9e3f7a7a92154a7f301e7899a123ffeb2c51c902df830c5a0967669cc0c657441acd9e5

    Download Submit

  • C:\Windows\SysWOW64\gmlzqydgmetny.exe
    Filesize

    64KB

    MD5

    6de31e4935f0a909cb933fb5a034f0d9

    SHA1

    1040daf7326ba765b55bcb302ad4aef745c24c2f

    SHA256

    7abe4417dd69434527d10ab6a1e56bdf2894965813edadb51dba0ad28df9823f

    SHA512

    fae4630a0540e0d27471fc2a7ef36ba0639f43375e037ac0702b15d7d62782db28d9682d61cf08d808e9020eb340ab17234a7257c32c2936bac1a0e7f87f9ede

    Download Submit

  • C:\Windows\SysWOW64\gmlzqydgmetny.exe
    Filesize

    242KB

    MD5

    3a33e7dc381a9bd5b30c772da39818fc

    SHA1

    4748d07995028882907c53f25c32adbe3c67b381

    SHA256

    b891aeaad99ff76f793e62c24d28737a207583ee75fdb032357642dec5870569

    SHA512

    1a174c5ea2f3e63c4602b6ae1dcba942833d876a3082aef34824b61fc6fbf2cf5fdf8f7f11a0230695b6169b65040b42d0e8b6824f3605c1c9dd35111e53c507

    Download Submit

  • C:\Windows\mydoc.rtf
    Filesize

    223B

    MD5

    06604e5941c126e2e7be02c5cd9f62ec

    SHA1

    4eb9fdf8ff4e1e539236002bd363b82c8f8930e1

    SHA256

    85f2405d1f67021a3206faa26f6887932fea71aea070df3efb2902902e2d03e2

    SHA512

    803f5f2fddbf29fef34de184eb35c2311b7a694740983ca10b54ef252dd26cda4987458d2569f441c6dedc3478bea12b45bfd3566f1b256504a0869ad3829df7

    Download Submit

  • \??\c:\Users\Admin\Documents\InstallRepair.doc.exe
    Filesize

    23KB

    MD5

    3cdfd37ab66e3d18187f1f6116feeece

    SHA1

    429d65ee508732d33711c13752b0600eed1b649c

    SHA256

    031386d9217ef61af9691c8daa206efb3574e2759015e5108d089eafdc5398e6

    SHA512

    e5652e8348948087879241c3db69816aab788a6775c009e363f67bf8acbeaa3a84cb2709cec0f2b0de2eb67cb9e40f78ac58e588fdce2601484313bd195bf6a2

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    23KB

    MD5

    3a3d8373d569f8ee15c93ec7c23cd27c

    SHA1

    997a196c8c0b48ada241863207ff85a9f6c54289

    SHA256

    3ac74cacb787c5752ec1c4944217508546110e301bdae9a735da420319eae0ff

    SHA512

    b9d67cdcd613e9c5962ca2d16f1974dd24be82e0a12ac40cc2d202368220283ba3f300af52ce904daf288e73efd50fe1985c1cab1e65b7b08e9abcb22df40151

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    12KB

    MD5

    0a8a2ea90b8022254ca8b4b2ea80d1a0

    SHA1

    443b98d0fb63bca4b6acc9cb11c2dfa4cf7fd678

    SHA256

    fc0a9422d6d11bdce9809e0ec2b726f2d95bda668ff999161e9f730cfd059bfa

    SHA512

    46b8e0c9859720a77484475382219779c57df3c9c506c0b1ab6c47e6396adf2648161d52b356c83d8ae71129c0ae76e90bc2a100ffca1592f5e36adc9edba7c2

    Download Submit

  • \??\c:\Windows\SysWOW64\MSDRM\MsoIrmProtector.doc.exe
    Filesize

    24KB

    MD5

    f9713892f71a3e604e89765fe3c15928

    SHA1

    6c12ed6cad79157d560bf1afbfd5ff3a8cd7aa6f

    SHA256

    132b3af42ee8c700c10587543e048e470bd2d5fb3755a549da3cefd07eca44ee

    SHA512

    c6f936809dcd41a61df40dec7cfaadd826e9dda29d78f5d74e03263929a8ae9d77b4a4a382555156a55738d1bad46d31be8bf39f72c9bbfa9400a60246b63c86

    Download Submit

  • memory/4564-51-0x00007FFBCC4F0000-0x00007FFBCC500000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-55-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-42-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-39-0x00007FFBCEC10000-0x00007FFBCEC20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-38-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-37-0x00007FFBCEC10000-0x00007FFBCEC20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-45-0x00007FFBCEC10000-0x00007FFBCEC20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-35-0x00007FFBCEC10000-0x00007FFBCEC20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-46-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-48-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-49-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-52-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-56-0x00007FFBCC4F0000-0x00007FFBCC500000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-53-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-54-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-43-0x00007FFBCEC10000-0x00007FFBCEC20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-150-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-50-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-47-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-44-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-40-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-122-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-123-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-124-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-146-0x00007FFBCEC10000-0x00007FFBCEC20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-147-0x00007FFBCEC10000-0x00007FFBCEC20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-148-0x00007FFBCEC10000-0x00007FFBCEC20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-149-0x00007FFBCEC10000-0x00007FFBCEC20000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4564-152-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/4564-151-0x00007FFC0EB90000-0x00007FFC0ED85000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/5004-0-0x0000000000400000-0x0000000000496000-memory.dmp

    Filesize

    600KB

    Download