5e36b47e6ea1e869d0d41ad85eb171cba6b661b474bbf67241b39df85aafc963

Analysis

max time kernel
142s
max time network
147s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
30-12-2023 01:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

HomeOfGamehacking.url
Size

54B
MD5

c9a84f3cf95886cf5e56c20a4460f2d7
SHA1

f058ae6035bbe483f6f2a097d39f505ce825fe3e
SHA256

b27d747d641512268a7d8c134b266d550fc7f33e8cb5138900e1deed6822247a
SHA512

c0f05e3f60f2273f5b8d168ecac6b1fae56e96560eb184d352127f10307db0dac9dfda8ae4c089e8ae17d2d950296eda50c513dccd6c286610790a49db5fe9ae

Score

6^/10

evasion trojan

Malware Config

Signatures

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	rundll32.exe

Modifies Internet Explorer settings 1 TTPs 33 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{C05C95C1-A777-11EE-8024-6E556AB52A45} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d30000000000200000000001066000000010000200000008866756587d1e5aff5c911e19c56395222ccb84a017d06ce8229ccea67d9be4e000000000e8000000002000020000000c53a8b0e5d7313b1f33a112e75f88cb1b87b7dd414272c553167c486ab81031790000000bd34b6f840681f0e27dda639ea69f568caa8a2bccb6f31f0396fa91b83816c9c16c96ce73d96ef6727f47cd125e40f6034260407fc1752af1e9da494651c7306cd63e908a8b9b068c66c5f6dfd048adb6bc2d19b5bf659ce0046f9bb98f65ccde9b76a90f873a1fbd4a1ade40ddb51739b6749f8c7672bb5f8ed799fb724a2917182256163444bab9104ffa07c6433b240000000aff0e6c5c2dda1fe9e82384fd53cba8fe08890566496c0a6e117c1b1682afb9822db1316a3acce7c3e53cb4ce311fbe90f28490e58d4c71b02a3a690d4c2668b	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000008dcd4c448ce8fb42a8f577f49cde6d3000000000020000000000106600000001000020000000391ba6d337086f44f12ea5073f8720c27bbf13f4051819081d726d61ed4c37f0000000000e80000000020000200000005b23c82e95784f525e8a37b9e7caeebb06718f4439108563de4254f29becc1ea200000005bed1b5bc69160c9309a0fd01c29db03d9f8c7f8b729c028ea19b904c286af1540000000b9ddd8ef2fce33735a1ac3dda72e8b1c89de8eff395ac4cb6e4a6613360cf1dfc8599793603f0a3a73b3f368732bd994e787325bb19abde3afb5b706a7a8004a	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "410146214"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1268429524-3929314613-1992311491-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0fbd09a843bda01	iexplore.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1328	iexplore.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1328	iexplore.exe
1328	iexplore.exe
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE
2672	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1328 wrote to memory of 2672	1328	iexplore.exe	29
PID 1328 wrote to memory of 2672	1328	iexplore.exe	29
PID 1328 wrote to memory of 2672	1328	iexplore.exe	29
PID 1328 wrote to memory of 2672	1328	iexplore.exe	29

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\HomeOfGamehacking.url
1⤵
- Checks whether UAC is enabled
PID:2236

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1328
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1328 CREDAT:275457 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2672

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7348a66b83f61e30ddabae5c42e0e2e2

SHA1
04a80ad8e1d84abd01484787397207bfdaf7a654

SHA256
e8c29b5d0a2493536227efcbaa8a4c8b2615497141689da622aa41f69279b2f7

SHA512
5bcf68cd3bb5db4a7b8393ba21c6e302a5f83d9f01894e4137456ae1019723096662f12965be2e8acf904119220cac2a1d6e82efdcf482a612cca1c171466ba6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f02ae2fef2bcc985dae73dd59278bb13

SHA1
5cdfbbb56da1484f0851abad68d236e5ed09afe7

SHA256
06473fc1a8d42e399b1fc0f4d2421d8ca55d230e5cc184974e339290d890a09d

SHA512
053fd57699b5a4354828f2f0c31be136ec923148e1b050f8e331826f957fabd1970ffbd867b4070bec9e5e0bafcc09e200e4df7a3b5f1140eb0e3dfe7b31e130

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
beaa7064d6b8462bd0eacd3e89afb2e0

SHA1
e4555528472c847b1666db88804218e7ecda6fa0

SHA256
af65f419be06b90bbf293a2dfe180db2400e1413910928e8d991f718a9a14974

SHA512
74046420304a43d4403538cb9b79a8c60fcdb82abe02d5964308f3a56fed04112a21eebd3021b3a0a9555d34258a9108158fb769ed4a3faeff050e715dc5179b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
a5110f65cb450c903c3d0aaaee527796

SHA1
964bf31105206e1f641a6038a8eaf04466a75faf

SHA256
ea21370219a4a93ba56b90dc5cc252f3973d35c20acc6cd4ad6598b46ec999ff

SHA512
c9871d75e4927df3ce7762b3777ee87ad8ef35acde8c2fa86e0ed345d1e45d01d016849b75eeefb8d338460ecc07619699651d271566a574bb41e2f31dbf9f04

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
fc06ae8ebcfc163142c9d555b6183e38

SHA1
fce794454aa0292fa2d5c8c05fd35ec29b4657a7

SHA256
c1e6b46ef33749cd56385348eee9bbf91d887b55a72dfd37c1f77b5304645684

SHA512
a7b2e736a46df060ed7f90c5b747e785a6257b84918c71dcbd2a05961449e09eaf3560cdbe54a9477d48a5bce45811954fdd6b0202b43d0e5df72812d64f14bb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
7168b28c2d93255ddc45d5d3f0f362d7

SHA1
0dde1271a55a19adf13702e748e4132b3da3a8d8

SHA256
c43d1640f0896dbe4f9a2906f4b3caeb12b700cc02e991db0ca002ef46b3a7f2

SHA512
d157575c7fbcf7ff6e2448d28302a65e7aae1f41e36672633587e434f8ce15013ccc0988d941fcbea74f6e67325feb461164bc34de763fe1d821a7755d2f9e0d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
33d3bc124d66f2d891fca852f92e2c04

SHA1
227f3eb50ce277fef36336c15e622fc0c3f574c7

SHA256
fed5eee09d7ef98e505f4e1bc47df21d80782f199309f1fb757c6f5e3d112b91

SHA512
fd8bd4e110e9c33a0e0c79f3e56bd882e5a2ba20b082c411092cca02b996538923c4d59160af834433e1a02d95d22608052b7cd6cc074a1ed64f75e53ecd77c0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
433f7e15508c287758b57c0c117a2bb5

SHA1
235372adbc750689ed3d33205532bc1550898ca4

SHA256
36f49cc6d1dce747966337e2f4cffbd88920eb127d1a0befc3e2ac5fc8e932f7

SHA512
0e195b419a3acf48f413c59b6ca6ca8ded3babde86d3d7a61232f6b675002afc985c115b94236076a2bde18192f178a00f8d3ad094a4290111d122162ce495c8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0bfc88c29395b34cedc58f8d8f52c938

SHA1
cc477e9293626b7483183f320712edb3eff8d683

SHA256
9f3ecdf14603be5749fca533e74c5e18be5972d6adc9760dabc003c13bf6b2eb

SHA512
4038369e7c2bbff03d7f5a7a5d036bf07cb786fa323ad379ead3815be4336874b3745d75fd06674583b8b209a848c825af843c2eb2358d9314fdbcf897ac2ed1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
44deb86f71a025bc8c7c441267371aaf

SHA1
3b17bdc54e4218df317363808c4adb9eb1fb6649

SHA256
1cfcffcff405a1fdaa2c9ac0e01c015d7a7e84f2a5f37bbe52a2777d64c47406

SHA512
e5f8ee9b7e30bcf430574782357e43167370860d9d39a7a6c6cda6f7db5eb035f854ec04eb29eb82e723d73515472fbea43d4cd0e4b585a78a54df100cf06bf1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
55d6f30aa33755abf9355763a0018e00

SHA1
286df54332c3d41f6b7f7a3fd04588640db8a915

SHA256
dec4e880d6013f047bd0fd2a4c288d6c5364996d3ff4ece5734e103d766bfed5

SHA512
375cb1d24a9e2f52fb941b2f3fd2ffb61c79a4a6d74c548bb15115bf73919f20fd0dbcdc8d8873c83f1ba1cd42fb71098c813b0924f380f2a3f77da08bdb1e33

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
087695b7585b5306e34d34346600cbc3

SHA1
1f7322e9f56ddebda114f1bcd117ce2daaa007f9

SHA256
98f25ba7af523f5b3aab3df378321077cee44918786c63986bc7b394d362f9f6

SHA512
405804e7daf7ab79305de2e711a9c8697becedfb16719542ffde29788a5515e22fb10767545ee0977aeb3d1ee49775740e14d158d512bcd02b90a7547a8d5bf5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
934b530e928917b55d6f8b34a3dbbd00

SHA1
4253adfebb29f4c2d84e4578e282459d8c899cfa

SHA256
6165a0e04f5c636c64910da42fa9b414b38cc012c154db0071e1896e05160d0a

SHA512
6adc0fcbd3cffd3753d560c2829379e56985fcae3c97ab0fb6b743ddb9797dd3466c93c08412fd13775b9268008840e9e199f6c55f16aac1af7481b1b02c8ebc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
063be57efe9c4a708481ae8828e078d2

SHA1
219807940e59d06bca3d33ece9e2799ca651a0d8

SHA256
46f2a8d591381fd98ac5b0223871a0e0c3491ee7fe566d8bc872bc1361f22253

SHA512
bab5b89b454765d7d659bb8da7393c0b67da18d161047547f64bc11c072e80a1395dd4c8bbfd2c059419f4aaa11ad729e37fad58373ae81dab3d41474ab22326

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
5b29cde818adcb9116b0d340c76a70d0

SHA1
ba201b40e507d114d9bd16a180e330c7c865ff40

SHA256
afdd9e1b407278c922e2b26b7d3c63fcc1d2483936012c43b7579838e6a81eef

SHA512
93615815529eb8f4a785be0a497daa1a58e7f2c5d2eea88043d4c00840f745dc5aa035dc5082707593eb25b364e7a92fddc5b74c53120307cc42594e6c53433e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
455eecb3a5feabc697c9dadcc00d353a

SHA1
84b8369f8191470472b0fa39ced1ffe3165b92cb

SHA256
859460abe97a699887c27f74da216f4bf47030ef0e1eaceb8804a1b99b98fdf3

SHA512
e27515db0414a0f52b060d0375fc2d2c315b9ccf124d605c837d6dbe797f17cf1b34274bbc1e517db5cfe660e211f730c23e633204b6b3c2bf0773fe77768a65

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
bece88d0d3610a8ff7ab94dca0ebef5e

SHA1
c6714c139fc8ee68273117b1f1b9921d24bfe892

SHA256
efe4caeafbbca29e59522329e6895c522399a774888a7e4420f73335e8461a43

SHA512
64482defa16854a9daa9fe01153662db5cae460b704600c6852fe16dbe8e0b9e5fb3d53e780959f31cdd9a369e08abc6e0da6470f87182485919920e818d32d9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
b7ecfbf809b2731349d1b4555b1f0261

SHA1
4f89b3ece003d8f0642f9ecdc0a571145bec0da1

SHA256
fdf5712ee1ccfa61bd370c6b193cb495aeda5bbc75077afa22f7b21155b5cb8f

SHA512
6f41d18e3e5749f48396a02f7d6fd2d5ab5db077c0e12358a5130a0333d9be0cb4b7e1b1b82b511f2428ee10769753e3301d6ef3e5082c69e1dd46989b7c851f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab5505.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar5537.tmp

Filesize
134KB

MD5
5c91f160acb7632b8de793944a2d4ede

SHA1
f9e4407279e78a11ee50653e7b839bac5384f1b0

SHA256
68bf985a78135677e2630262519f00bac7ff035810fc5e6cb301590699140b73

SHA512
51714983fa16e8e5d45c625858c91da6fb26a1239adab3c78d25177c1b561d82a36c4531da2a4cd4ff8ed9dc57ccbf95619bcb962bef0617fae87eff1f8ee941

Download Submit
memory/2236-0-0x00000000001C0000-0x00000000001D0000-memory.dmp

Filesize
64KB

Download