c70cbd05d70131009292d88c51242e738829c00b7e9579e2c68ff504fa0f9983

Analysis

max time kernel
2s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
12-01-2024 05:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-01-11_183e40a711af9f2e798a430e2809a1d0_ryuk.exe
Size

2.1MB
MD5

183e40a711af9f2e798a430e2809a1d0
SHA1

2efa036f6e7f6e19bc7b162d9cbb40b150944b1b
SHA256

c70cbd05d70131009292d88c51242e738829c00b7e9579e2c68ff504fa0f9983
SHA512

b4c907320d8db41d0449a52f52835eeeb325005ede9a53babd0745c8701bd8e3a509d958f675771b16ac714418b15b5ca2a776227c409092cbd9c6d1fbf10749
SSDEEP

49152:+XWtcDcoUYXPtSjeJgEjTmucjzaB0zj0yjoB2:+SFYXPwtEjEj+B2Yyjl

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
4380	alg.exe
4384	DiagnosticsHub.StandardCollector.Service.exe
3524	fxssvc.exe
1504	elevation_service.exe
1980	elevation_service.exe
3696	maintenanceservice.exe
1208	OSE.EXE

Drops file in System32 directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-01-11_183e40a711af9f2e798a430e2809a1d0_ryuk.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	2024-01-11_183e40a711af9f2e798a430e2809a1d0_ryuk.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\cf4aabcb4d74bb6b.bin	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	2024-01-11_183e40a711af9f2e798a430e2809a1d0_ryuk.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	2024-01-11_183e40a711af9f2e798a430e2809a1d0_ryuk.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	2024-01-11_183e40a711af9f2e798a430e2809a1d0_ryuk.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	alg.exe
File created	C:\Program Files (x86)\Mozilla Maintenance Service\logs\maintenanceservice.log	maintenanceservice.exe
File opened for modification	\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE	alg.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	alg.exe
File opened for modification	C:\Program Files\7-Zip\7zFM.exe	alg.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1132 = "Store in a folder"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1130 = "Microsoft Modem Device Provider"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\22\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	880	2024-01-11_183e40a711af9f2e798a430e2809a1d0_ryuk.exe
Token: SeAuditPrivilege	3524	fxssvc.exe

C:\Users\Admin\AppData\Local\Temp\2024-01-11_183e40a711af9f2e798a430e2809a1d0_ryuk.exe
"C:\Users\Admin\AppData\Local\Temp\2024-01-11_183e40a711af9f2e798a430e2809a1d0_ryuk.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
PID:880

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
PID:4380

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:220

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:1208

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
PID:3696

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1980

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:1504

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3524

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:4384

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
1.1MB

MD5
1d183e65841d6ad48867954a22acf4b3

SHA1
06df6c7419c2787f04f0a2b1169b8936c1a68c85

SHA256
24506453eaa087c633efa317224c502f321d3770b93a1a377f270c11011ac7d0

SHA512
6f31c3db7d26f36cfb95ea384379cf3b06eec2382a1b7ece86e99d7c13e034d46cfa8b18cfcb425a48336e2204428bfd505307924c50fed880e58f6dc65d18a9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
1024KB

MD5
86f49faf5ef32d94c06b888268d5c7c6

SHA1
01580e371256e15b4b98eeab9249492d2334e952

SHA256
2138ace2c42f9863e574f2e6af49cab293f3c38a33b3ea62b507fede27350b8d

SHA512
cebb2bdcba029bf112005fa8a84185888f8888bebd8f7e18866b7efc68aad0807e1e86e75eb98e636587e3edb7a4f071fbd8769e6d384ff01572cd5a370cf040

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
944KB

MD5
1774912d56b615af4f21baca0eda4f63

SHA1
e4b6b41fc4ec2848ad274c357dd14010f7085aca

SHA256
4d624e46328b6f20b25267ec4b314271377fd78cc468d24161938ba8b37656df

SHA512
d4c739563df0f33cf474685389380c6d6a54a31a179e8c09a7f5263171eabc06de28a3961b9d11217ae3af3f79b1089f51877a75c506245b3c7bc0758478a175

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jcmd.exe

Filesize
998KB

MD5
ff6ccb9e65a3087401591f329a743806

SHA1
3c42554bb23480290d70f8283a556c904e90bcf7

SHA256
3809048f58c6861a0dc94bcb7d4ca024740d59cbda23fa26e9e17a72cd4c8297

SHA512
33dc7af9b5b94659707c185f2d82117f61b0547bb91aa39ba6f0bc9229e8c2b2961089892fe48f587071392fcee80a6ffc5437ccd8d3b12a96f6d2ea0f2f91c1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jconsole.exe

Filesize
1.2MB

MD5
8c76b93a88af1f876904322a8bfae28f

SHA1
bed186686066c213b75507cca5ea28f9c9ee10d7

SHA256
7fd64da8f5aaa89da2cca599de84c07a13313c821727cb33e1d4d23b38935db3

SHA512
ce561d1b42640beed190d101820c7c1e32fd8bc76e6d79da7209e0096311956c2b9b5760320a83871e7d1f67f026b88045b8ae139d414354340027112953f2f1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdb.exe

Filesize
1.0MB

MD5
bdf9a7f3905c8371a2b8152974891c38

SHA1
88a8af53ac2387f5facf16cd9c810994d49d5894

SHA256
000d3512c7717fa6bec11617da5c3a97595605d762631b2488a22ca8e32b4669

SHA512
dcfb4cb801c7f75bc20405d3ce93a0442385b0ca23416497f0193f662d271bfdd30265f8134a21572f88abd89265683065d010560a6eb74f440f177249ac4cc0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jdeps.exe

Filesize
1.1MB

MD5
fcb3e5842d906d7f91803767acd6f177

SHA1
85a08b16bfc0b344eb20860e9dcf2a73a9a00705

SHA256
59bf3b5c8b1c730f54aa99522b41b92fedbf5313a52d8dc9d02360057146dc17

SHA512
0b72c49aaca3d3e4a8ea4ca9012975d7c68005545c89e5194b2a410590bb2fbc1d35e8b5a4f085e6c06af3dc4929a6b1e963316eb30e1b45649ef7a299d2c142

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jhat.exe

Filesize
832KB

MD5
8a9b86a3ebd3ec90baa2af4ca2b7f393

SHA1
240adc9201c4f2af539c600c5d83b54b42296080

SHA256
fbe8084b6a94c4b3a7245611fd6eee4286b10928155bdf84f65b254d91449659

SHA512
ab45ed77ca11b5552631b5ed0aafbdfb3972e1c42c3b37ef232caa3955b635a8d38c5642c7c6a4f164efd2628c03aa22dfc3f2cfef14957f3389bbec6adb53a6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jinfo.exe

Filesize
1.1MB

MD5
3a2ed17aff0687db042b168cd5e0ecbf

SHA1
8683347a005539d59707ffb9987474c51a779130

SHA256
c3de2f7f7634035e5752ce56e054f352476e23ca0a88019842cd17e9c0ff7a0d

SHA512
f9ee490b2f6a55e5b285fc16ac37a2ea70b85d4a2d13d85db207ef81a481570e42949f3d7bb4e2357aba50532b44cd88ef0538a94817bc9ae40de989f4074836

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jjs.exe

Filesize
976KB

MD5
e6b6e1dbfe46b0063c48f4342693042a

SHA1
fd815fe14dd2af7f02a6a0e00794de275281cd7c

SHA256
617d686604ce306948b50c380a70e60db3e290f737cdb0a13a0d4ea1c3234367

SHA512
01934822d9f495f90267996be760b638e61f5f5ee7e3685056926527b5d7c0e6e5cff74af04194506bc4edfe99610ec029c83bbd417e7a34997dfcf22b39acb1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jmap.exe

Filesize
976KB

MD5
98a31808cddb32875a5cb6fd34789235

SHA1
16c773841d45b870826ca3afc06b3d76ddbfd447

SHA256
492f9c538aba21f9c0298acdd8d553d32d6a09f207b61c79f53e67e862bce0e1

SHA512
92dd9fc8a6fb0d7be991f4588b44106d767d3960c376bd7e78207e5250ea280f6a4ebd77f0b183376419e68169c3df043183b5f9415678e20c006e22bf829397

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jps.exe

Filesize
976KB

MD5
9c7970925ec58c45486fe5d908c7081c

SHA1
43cbd487ef237755dd6ba681c4963f46d004a5cf

SHA256
d006f1f4c12cca9422b6aa0b9fd24a8422e5017c5c35f69ba656af805c2fcaa9

SHA512
7751c7bd567b3dc15fe0a0d6a36c39ba514a90c04124f2bae8a4d595939d7d0c46988c896206567215fd3f7276a3cdf2e11c321a5269837b5340f52974fe3616

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe

Filesize
1.0MB

MD5
79c487e4df1710bb27104b8400adbde7

SHA1
46a0a86559835d14a080e2cb0bccbd077f470329

SHA256
5c85be25e5c190e861343e94b91d0b1772608acb942c4d41d5a756f2896dba66

SHA512
db18b45c1dfe00a8618c114d73efbabf501925314e2b301cd1b9185570008990fbd18eb4cab2bbf43763171581115b5e4dd422a9f39ae03d2a30407145a7e676

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe

Filesize
720KB

MD5
0e7d364d06a3384ede3ea4fba03394e6

SHA1
9cd8e30d9d98e965ff491d2275868de191a56f91

SHA256
3b7a2844a47ed7038ffa0f5e561ce65a9bef66d8a22e6c47bc0b8d8af68aa182

SHA512
c05564d0d81f991df600a8021ca2b4c140952e0c3db909be606575bd8ebcbfc4f0a0b0acb30e79835be107ae1bec8eee6b3b4bd433dd1dc2d2bffcb7babff97b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstack.exe

Filesize
1.1MB

MD5
7ae85cb78d1b1aad057eb0c1d2ef04f0

SHA1
cab8f80d57eedafa38fdc6a909eecf2bc7ce1dde

SHA256
94b42238762019bcca22abac8aea2f841066c1fd6262ef16cd6fa5ff28ac3649

SHA512
c5fa8602278cb78a2e7cc3b86364764effdae1cc18fca25c4bee89901df7553eed7bf26f86cde4946d389bcc60c3430ae0e93afa95c943d2ddcf7877dac6ff0d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstat.exe

Filesize
1.1MB

MD5
43ed1ce8381d0ed1aef53fd34eda23a1

SHA1
b2f325745470acd91fa8ceddd902508b1b671320

SHA256
2f45a7a452cb18551cfbdd7b40a81d3659da20bbf9ffdf53740207570bb083d4

SHA512
da26ea2e8cecb51a76c0aa1c57b765521aa676a4e3663f79fe187efb4f9212ab33475a127f6abe13bd7ff995741496363bbfd36b86ac478e2347aee963256524

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jstatd.exe

Filesize
848KB

MD5
4fcfa143f50d84d48ff456b80be9b41d

SHA1
8e1ffa16ad55fd90b3bbb42a72615d90f980453b

SHA256
2b0d7939bf058382af1b3ae7437084b889510186ed8cbde41a1786ec5f656095

SHA512
4b2029a0a54650eeddd005223b1e2f1916035a316eb14f162c4544dada614fb0a6925ae8e0b0ee3ee950ff2b9dac9106b922cfb3ec2c491a7c40004a5198fe1e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\keytool.exe

Filesize
1.0MB

MD5
0e1445b71357727a735ffdd2a901afde

SHA1
daac3393fa126044a328cab921e2844b42376eae

SHA256
fdca7f40a68323d1018e12537b343a6094bb15a905d888936e603bfd6270a4ab

SHA512
86ac3b840a75b3952aedc86db8581d23571369fd477e3c6d572c6abfdd2acf1cf4d51f97111be802b9447e001057b702aba1dcb23132e79ed6f038f824de50e6

Download Submit
C:\Program Files\Java\jdk-1.8\bin\kinit.exe

Filesize
1024KB

MD5
1b936a5c02ca2d4e9cfa4f94ada18954

SHA1
92d1201918a64f3b67ff5e90b0db1a2424f71aff

SHA256
b4e3c5412ba322bd10a40fd336d692653e78626d71a01a98e3cf81a958ca3610

SHA512
0fd8f9c1de39868df30c4d26f5c3673cd860fb32676853e099704d184882ca3d81fac084a1d9acbc6fc58358f8e1ce5dd53055aad3e23efd2d61de69c34d2e5f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\klist.exe

Filesize
1.3MB

MD5
b008862691d7fda5a9a26066c4150c48

SHA1
c1544c4f51569bdb509be74a60d0a7346ab9b6fc

SHA256
587e340f62c84f439a80f2dae555902d046c064d6e308572c7e48f66cc9aaab4

SHA512
cfbb724f0714326c3408024de47cd5942eef35164a517bba38a51f714d3308f47f043db5bd8dd17039b423328555cc8e4510cedfcb7f7daf2dba84d7573803b7

Download Submit
C:\Program Files\Java\jdk-1.8\bin\ktab.exe

Filesize
1008KB

MD5
2805eb4f21428b3b6bf32b647091715b

SHA1
4925240a1ca7734936df148ce71d0e26ef9fe842

SHA256
1da8a2866f6875593c90d25c568129fa20505499f54d10a3f109e08b759f36b5

SHA512
8b823bcdbab1be50abe403e0dd79c3ff331d3d0ec82eaff0fa5ffb14266a36e266663dd6fac6786b77de43f26b73220c05cc6c6e02c73912c2d73bb3ddf0f09d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\native2ascii.exe

Filesize
944KB

MD5
0f964208b75934403d05fd264e9fdabe

SHA1
516a0acfd586191456cdaecbe3413cfdb6418eea

SHA256
4f3d0665691a20199e475e8304b02230e982de5320aa1aac3959ce6ee57ac99c

SHA512
050113e8acfbbea541fdce9434d438973a6701800e6e361be917bf918f15255c00061e0b048eb4339dd6dff9c7543f7379f1c5da4da0cb39ea79c0ba8814b1ff

Download Submit
C:\Program Files\Java\jdk-1.8\bin\orbd.exe

Filesize
992KB

MD5
a5198c9ed01527e69cc680aa15cf3efb

SHA1
73192597265089be19811934fc3a53626965888f

SHA256
8df2f2c07d2cbccfc2e15ad39d5c9197a0d6b328f91bd2d5c0eeb051aca4c9bb

SHA512
494cdd5eee3df6048b045d44fa5156ad073d8cc6be52d49f649f702c2451e087484444c9225983e4d19a7ba4636935d2e70df34a81e1d32996dc125837e9fe65

Download Submit
memory/880-0-0x00000000020B0000-0x0000000002110000-memory.dmp

Filesize
384KB

Download
memory/880-7-0x00000000020B0000-0x0000000002110000-memory.dmp

Filesize
384KB

Download
memory/880-39-0x0000000140000000-0x0000000140222000-memory.dmp

Filesize
2.1MB

Download
memory/880-1-0x0000000140000000-0x0000000140222000-memory.dmp

Filesize
2.1MB

Download
memory/1208-105-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/1208-95-0x0000000000420000-0x0000000000480000-memory.dmp

Filesize
384KB

Download
memory/1208-97-0x0000000140000000-0x00000001401B6000-memory.dmp

Filesize
1.7MB

Download
memory/1208-269-0x0000000140000000-0x00000001401B6000-memory.dmp

Filesize
1.7MB

Download
memory/1504-43-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/1504-265-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/1504-48-0x0000000140000000-0x0000000140237000-memory.dmp

Filesize
2.2MB

Download
memory/1504-61-0x0000000000D70000-0x0000000000DD0000-memory.dmp

Filesize
384KB

Download
memory/1980-75-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1980-266-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/1980-67-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/1980-70-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/3524-44-0x0000000000EC0000-0x0000000000F20000-memory.dmp

Filesize
384KB

Download
memory/3524-58-0x0000000000EC0000-0x0000000000F20000-memory.dmp

Filesize
384KB

Download
memory/3524-46-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3524-64-0x0000000000EC0000-0x0000000000F20000-memory.dmp

Filesize
384KB

Download
memory/3524-68-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3696-79-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3696-86-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/3696-80-0x0000000140000000-0x00000001401B1000-memory.dmp

Filesize
1.7MB

Download
memory/3696-94-0x0000000140000000-0x00000001401B1000-memory.dmp

Filesize
1.7MB

Download
memory/3696-90-0x0000000000C00000-0x0000000000C60000-memory.dmp

Filesize
384KB

Download
memory/4380-12-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/4380-88-0x0000000140000000-0x0000000140191000-memory.dmp

Filesize
1.6MB

Download
memory/4380-19-0x00000000006C0000-0x0000000000720000-memory.dmp

Filesize
384KB

Download
memory/4380-13-0x0000000140000000-0x0000000140191000-memory.dmp

Filesize
1.6MB

Download
memory/4384-104-0x0000000140000000-0x0000000140190000-memory.dmp

Filesize
1.6MB

Download
memory/4384-25-0x0000000140000000-0x0000000140190000-memory.dmp

Filesize
1.6MB

Download
memory/4384-33-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/4384-32-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download
memory/4384-26-0x0000000000720000-0x0000000000780000-memory.dmp

Filesize
384KB

Download