42b1ae153366264dc556bcf909ade649caeb796151458e1096a3087b1c956c7e

Analysis

max time kernel
142s
max time network
140s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
26-12-2023 16:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sainetco.ir.url
Size

207B
MD5

5b209599e1fd1c0ad77f7be78ca6b837
SHA1

e343809d0528d696fe2b0796da6aa1d73ac72f57
SHA256

022030c51ccd5e05a028b9d2f5ca62dab950983e91840be1526eb10921f3961f
SHA512

7cfe50ee60fd89f6705e4efebcb51fe99773b84ead6de20c689cd933aa15e868a0e70cb8164c4e128b4b1893bb53ad687ef787dbb5507a04214e604acbfed68b

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs
evasion trojan

System Information Discovery
T1082

Processes:

rundll32.exe

description ioc process

Key value queried \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA rundll32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb8000000000200000000001066000000010000200000006b7c39539fe8fa133c663d6ed151411f65bb7e8c4de6b5c94980b08b16908e2f000000000e8000000002000020000000625c6128130ab3008aa1427f0d39daef26d1690a484e2c3084d125c562a148762000000083191c4af3ebdb17c9268d28699d9849bcf5f3a2134b881781ec34a34b01eece4000000054d792440a09daf3d5861838bccf45f23863ed90a04abcb86555b115e13fdc6f74989ed23224657d3573a3b2cb204f028e2104d6609dee483ec47c85c377c3d3	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 50dd99b94b39da01	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000d80bef292bee784c8e3c940d61fdfeb80000000002000000000010660000000100002000000073a6d29f7ba37171d81d52c81e2aa02cda01c0b55de3499cd02fabc3bb7415f3000000000e8000000002000020000000073ff6c9b3f5fa338dd1047ce0f03113282c5262ed6f00ffad3258cac1b5a1ad90000000dcb0ac3b4e00f222126778ad5807c1b9482284bb182543efddd5d33ae31eecc313fd1471e9a75ab25b32acb9682fa84b04c311a6a3100aebd17432a0440365d81e45255fa110ec5df377dc3035b6900159a2c5508a4f631e71348bc872511ad433235a6664cb14795330a6a4d381b217b658af1a83fa801a8e202762a06935f5edfd67d4e769b44d0bb08b5dd594589340000000f99c2f513597bef0fe6cfbaca075658d66b3b2eaac01bca4fe0851b8c96dfd4df59ebc34dc0cbed6f05757c7fc1e2ee28ed90e4c228f8c61445479938f351e08	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CB3D0FA1-A53E-11EE-B517-EED0D7A1BF98} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "409901836"	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

iexplore.exe

pid process

1300 iexplore.exe
Suspicious use of SetWindowsHookEx 6 IoCs

Processes:

iexplore.exeIEXPLORE.EXE

pid process

1300 iexplore.exe
1300 iexplore.exe
2844 IEXPLORE.EXE
2844 IEXPLORE.EXE
2844 IEXPLORE.EXE
2844 IEXPLORE.EXE

pid	process
1300	iexplore.exe

pid	process
1300	iexplore.exe
1300	iexplore.exe
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE
2844	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

Processes:

iexplore.exe

description	pid	process	target process
PID 1300 wrote to memory of 2844	1300	iexplore.exe	IEXPLORE.EXE
PID 1300 wrote to memory of 2844	1300	iexplore.exe	IEXPLORE.EXE
PID 1300 wrote to memory of 2844	1300	iexplore.exe	IEXPLORE.EXE
PID 1300 wrote to memory of 2844	1300	iexplore.exe	IEXPLORE.EXE

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\sainetco.ir.url
1⤵
- Checks whether UAC is enabled
PID:2444

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1300

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1300 CREDAT:275457 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:2844

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
8b91e37fdb76b0bafe8b232424ab5142

SHA1
036d0b29c8e77225bfc45416da4ec358dc5be0a1

SHA256
c6670735ce44635145c8554b8924a692ec992ef047f0f2272a7a3f87f19bfc88

SHA512
121c3ce17327495c019e9832b3e346fa53ae08c8e5223f54959e2a6119bacbeb2ebc3749f2927f6e87ec4ecbc9bdb22e3be48c7fb24e062509250d0aa1167280

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7de538efe3d6dcf83c8645a5255395d5

SHA1
670a774909a12482b28579bf6ad9460a0ddf6d40

SHA256
e1f500e957d5e113942cc5f8be2457625f9478dc2e6ab525051310cb23d6f645

SHA512
26ada39658a59d1bb08bcbac9e82fefcbd29a8312c74b66776ed74ce0272fd4919a604ca1746e21e69aed7d9e536c3d2d2dee9d45ea65853f93edf2376df804e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
86d5a053bbd6b01123e5a5eceaa78c34

SHA1
6326c6cd5918adedd385b5cab9ab305b4afd7772

SHA256
0c5944c2cc3caaccc59835248c7b5ad80602d89c1cee5b8632ec0c6db661f9f1

SHA512
0e97dc7b769cca3c6d3c9ae6a863a86c3fc979fb97d774791746e38459320bc91e120fa34de8869c0dcb136fe604664982d0b91180f7f34207b79eaec165016b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
09543eedb3448fcc66853b5aeebffba1

SHA1
2d69a6647e6538e3a57ac08f874c90f1b5f2c40a

SHA256
bd275015a9ef38087a86b16192a1ba8d1315650ea6fd390875c7d4f52ed1b2e8

SHA512
d027ffed13da19cff6e43e1167762ccb8b8596c949d4f27d13f07ac8eeef1d7a32f733517d6f431709fa83b7546e02e01011789ff0044bcf8ceea1d652625d9d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a0ebdf39ac49060ffb4b8a268210be1d

SHA1
6034f1b14541cecf7a3a565677d0bf891cccc613

SHA256
456ee641aa420aa3cd13fb013ad6a7b24b3c976a9fefd2b84055922bb159a1ae

SHA512
9086fcb2a21056a5bd8bc01e3244614a7a62fb5278dccb420d72016e28781320d6b2feb395145d26377337a25d9813e5b2d85aa58e48a35d4aafbc2cd2f06fe1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5a0b04073f4f5bdd5c8d2c1c28d5eecf

SHA1
157ea5e34a63312431f9ee2b2c1c6fb20f3ec852

SHA256
bfda557e8b6d27bbbba1bad0e0129d10d6ff2ef4a5d8d60e1a45700fb29cf16c

SHA512
5f5a6464931eb3dd6a994d1258f87318a94660443e2fbb884e34ca5d8b15e728cad412555398ae5b58f884895253f2202ee041605a274c11429433db1b8bb14a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55e82d25b3ac324a88c67bcda0a7dfa3

SHA1
1320fa58bc2da2b560e8419e69f5f8e9d02cbfba

SHA256
f7c2d0e988fcde12895f5793961eb42f7658767504bd145e6a98259eb3653d7d

SHA512
05992c5cd85016406f73873323c882367913bd0a588fd3c0955c45e10038dbdb73b6d009056916609656e1a4939d8b0e00c9c3b921012d6676318b098b9d4711

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
4a66554ed0a98a83d50fab35a6839830

SHA1
8cfc83370575fe9793578b6e317463df65534c9d

SHA256
930530b3c5b03de2df6fcf60ee2169088ffafeabf74541c1b88bdc91fb41297f

SHA512
247bf4bf0d4fc17be6dc4de2b08372195ecdb7c4ee1a3f80a8a9dfd10de738a36680bc748ba3166327df76cefca3447da96e6e2a245d2e2ee53d4357e8e667f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ed3228a7ed96208b1c356b1525d93be0

SHA1
ee74f5dfbaed1e0305aae7e3b05e1bc92a8dcba9

SHA256
4907b96fde551d6c2f9c6fba96c4b0fc3794740f5df7fd9712e5d0246c0b5c99

SHA512
0274c042384f542db14612c69a43ed39b40b0f4a3390b134dee3219ada04cd0d9e5860211f5ee919524f75c9b39661a84a21b38348843149459aa94df33012ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
28bab68f877634de26d08fd80ad6ae2a

SHA1
f4e7f8fa32a015952beadf57c20bcf97217a1b0f

SHA256
f1033a4b5b6860111a5f9f99db5a85fdec13ef27779d5aa3990e96ba7a4afebc

SHA512
8fe0500c4d60793fe8e2e061c8d5715daf07941e9a0161a968c1ef9fe6dd4ab0636c4a03369193af9216b738a11d30638feaf5bd267aefefce5641a9d8516b4a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2a504248d1b5fb9556c32c3d92227c89

SHA1
f430a6838c53ae3fcb9148acdde95a4c87fe5c5b

SHA256
b5411c937e1af1d6da299510141db3452058ab2162e4a14925ff6167d569f1ac

SHA512
578b1f9a454c780b96e08fadd62fe052b18d6e9fb4920f7c03e762ee0b2ac76d273daadd6986e009a063f2dc4c756d90c4475a4a414737cc753713c8a3c076d0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ea4764fa758c915b7eedc842d09e506b

SHA1
8a62580fd82b0ec973c6ad43435330bde239db41

SHA256
134d83af32366e102205af1239ff5d7b854a2fcc723121b2d06781bd2f74b668

SHA512
a82e0b0299597faaae303404434f0e66bc1cd630429817be1a55b1cc1b0e446149f51f50fb592e14cf675ee70c13a0c191bcc288fe72e2cb138ffb93ca266993

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9ba17be9fd0b22d73aba3cb512bd9d45

SHA1
a8f829c4e479d0396e8a296658df776e8a46b9fa

SHA256
bea767db53e4d0bdcb9a07e91d2655c9668fb23c80c275925a69155f37dd2809

SHA512
fc53f0c4dbb39d0855262e4e064fd589c2240148ca53931440b694c3d7907c02d4c3b4a796dcdd01a850bd1fdf80c631c5ad71040cc301764ac429d21c255a8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
02e57e1d7e19b7cd45da7669654d25e2

SHA1
81557ee5018d522942141a2e7fbbc6b6b0336cee

SHA256
b0dab8e99419ad5c87cc7d6d434c5c350da206c3c16a79592c2ef86c4b2ad007

SHA512
1dc41d219e877a18d07d100bf159666978a94616894bb72f2579fd3e86ba2c35883504ca4a888d8a0ac2aa717c92284956440a2ffe16acef024482654ddf9b09

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f0a685620bace071d5cef95a199b567f

SHA1
e698ac23ba2e53512fc2857de9245918ef9fcac3

SHA256
c5b923cc6c7d79665d200aa1726137f17a5ce0ba9f1b8414ef35337894017e53

SHA512
2a60837ae099e9f6b76ca5ee1d7c6f54d14d8048160633779535ce70e2b9354f25fc6a32ca8da3780bb31a93cbe2b85a171e364ef87cf0b9eec4ab885fc5b5cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
df4fdad3e19b2c34e5902ff419339537

SHA1
be90c876132ef8963ce14b6cec2a9998d591acaa

SHA256
73b9b2f39b37b0f48ceb990f3e70870ef4392a991132d88b979c8f17309e7b5d

SHA512
bce481ae0ac38456ece10742ea2d6f4bebf2bb8df196d12936efe8703ea9401d9fc9095574c91de3a2728c3a21639247757109f9eb15dd558e8513f52a0eab70

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f54ab4defc0dbd5cbb4695ce55ac2c9b

SHA1
eb968cf84d3a0daa62ef50fb9822981d2a526d53

SHA256
e74e76c7b8008bba2fc25e58ffe0be95ce25a6c823e6db28b0f9585c502cd7fc

SHA512
613d12a8b3e94c1c02d6b1b3753210c1e60cc281c296d2aec7f1e71e21885f1c6e5d00920804bd3e168b8ac970e6ef02543c5c4129bfa435bf185e954606b0f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab3F06.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar416A.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
memory/2444-0-0x00000000001C0000-0x00000000001D0000-memory.dmp

Filesize
64KB

Download