umbral | 0858625d045eca0faee93b5f9cd1fa7336d1b9486c31662ca81cb4a96fe7e933

Analysis

max time kernel
41s
max time network
148s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
31-01-2024 22:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

RblxPredictor.exe
Size

103KB
MD5

d5ddffc51d7b2cc9297d984c120cdde0
SHA1

79449fd5184c14db0ad7cbe9f219e1d74dc3e9d7
SHA256

0858625d045eca0faee93b5f9cd1fa7336d1b9486c31662ca81cb4a96fe7e933
SHA512

9222cd73f9e044fc852e1b131966cc3ec8e3065a6f44c68406fcd208bd8a0d84e52b6e794cb4de61934ffe38bdde92ee6130059a7dd7a42327088ff5cc67ee60
SSDEEP

1536:XDrxkG8nLtvQRq9y/rN9D4za4qMZSn3DMXAijnLu6gtYrm/GdHhVaF7bRmr:Jv8nBvQ89yJ9OqeS3Tirq6gUPmnRmr

Score

10^/10

umbral stealer

Malware Config

Extracted

Family

umbral

https://discord.com/api/webhooks/1202258317611892827/v4k7Pssz-HUQjgkXaGS-5oWtegaSVqWhOFgxXn1UZZWsgQVeIlZd-Tr4G0cbLltW6l-a

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral1/files/0x000a000000012248-6.dat	family_umbral
behavioral1/memory/2704-10-0x0000000000240000-0x0000000000280000-memory.dmp	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral

Executes dropped EXE 1 IoCs

pid	Process
2704	Umbral.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeDebugPrivilege	2704	Umbral.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeIncreaseQuotaPrivilege	880	wmic.exe
Token: SeSecurityPrivilege	880	wmic.exe
Token: SeTakeOwnershipPrivilege	880	wmic.exe
Token: SeLoadDriverPrivilege	880	wmic.exe
Token: SeSystemProfilePrivilege	880	wmic.exe
Token: SeSystemtimePrivilege	880	wmic.exe
Token: SeProfSingleProcessPrivilege	880	wmic.exe
Token: SeIncBasePriorityPrivilege	880	wmic.exe
Token: SeCreatePagefilePrivilege	880	wmic.exe
Token: SeBackupPrivilege	880	wmic.exe
Token: SeRestorePrivilege	880	wmic.exe
Token: SeShutdownPrivilege	880	wmic.exe
Token: SeDebugPrivilege	880	wmic.exe
Token: SeSystemEnvironmentPrivilege	880	wmic.exe
Token: SeRemoteShutdownPrivilege	880	wmic.exe
Token: SeUndockPrivilege	880	wmic.exe
Token: SeManageVolumePrivilege	880	wmic.exe
Token: 33	880	wmic.exe
Token: 34	880	wmic.exe
Token: 35	880	wmic.exe
Token: SeIncreaseQuotaPrivilege	880	wmic.exe
Token: SeSecurityPrivilege	880	wmic.exe
Token: SeTakeOwnershipPrivilege	880	wmic.exe
Token: SeLoadDriverPrivilege	880	wmic.exe
Token: SeSystemProfilePrivilege	880	wmic.exe
Token: SeSystemtimePrivilege	880	wmic.exe
Token: SeProfSingleProcessPrivilege	880	wmic.exe
Token: SeIncBasePriorityPrivilege	880	wmic.exe
Token: SeCreatePagefilePrivilege	880	wmic.exe
Token: SeBackupPrivilege	880	wmic.exe
Token: SeRestorePrivilege	880	wmic.exe
Token: SeShutdownPrivilege	880	wmic.exe
Token: SeDebugPrivilege	880	wmic.exe
Token: SeSystemEnvironmentPrivilege	880	wmic.exe
Token: SeRemoteShutdownPrivilege	880	wmic.exe
Token: SeUndockPrivilege	880	wmic.exe
Token: SeManageVolumePrivilege	880	wmic.exe
Token: 33	880	wmic.exe
Token: 34	880	wmic.exe
Token: 35	880	wmic.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2124 wrote to memory of 2704	2124	RblxPredictor.exe	28
PID 2124 wrote to memory of 2704	2124	RblxPredictor.exe	28
PID 2124 wrote to memory of 2704	2124	RblxPredictor.exe	28
PID 2124 wrote to memory of 2984	2124	RblxPredictor.exe	29
PID 2124 wrote to memory of 2984	2124	RblxPredictor.exe	29
PID 2124 wrote to memory of 2984	2124	RblxPredictor.exe	29
PID 2984 wrote to memory of 2688	2984	chrome.exe	30
PID 2984 wrote to memory of 2688	2984	chrome.exe	30
PID 2984 wrote to memory of 2688	2984	chrome.exe	30
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 2408	2984	chrome.exe	32
PID 2984 wrote to memory of 520	2984	chrome.exe	33
PID 2984 wrote to memory of 520	2984	chrome.exe	33
PID 2984 wrote to memory of 520	2984	chrome.exe	33
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34
PID 2984 wrote to memory of 2540	2984	chrome.exe	34

C:\Users\Admin\AppData\Local\Temp\RblxPredictor.exe
"C:\Users\Admin\AppData\Local\Temp\RblxPredictor.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2124
- C:\Users\Admin\AppData\Local\Temp\Umbral.exe
  "C:\Users\Admin\AppData\Local\Temp\Umbral.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  PID:2704
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    - Suspicious use of AdjustPrivilegeToken
    PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --profile-directory="Default"
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2984
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef2a99758,0x7fef2a99768,0x7fef2a99778
    3⤵
    PID:2688
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1148 --field-trial-handle=1364,i,12771838708891722495,6993499969797663180,131072 /prefetch:2
    3⤵
    PID:2408
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1364,i,12771838708891722495,6993499969797663180,131072 /prefetch:8
    3⤵
    PID:520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1624 --field-trial-handle=1364,i,12771838708891722495,6993499969797663180,131072 /prefetch:8
    3⤵
    PID:2540
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2152 --field-trial-handle=1364,i,12771838708891722495,6993499969797663180,131072 /prefetch:1
    3⤵
    PID:576
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2160 --field-trial-handle=1364,i,12771838708891722495,6993499969797663180,131072 /prefetch:1
    3⤵
    PID:1520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1420 --field-trial-handle=1364,i,12771838708891722495,6993499969797663180,131072 /prefetch:2
    3⤵
    PID:2740
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3168 --field-trial-handle=1364,i,12771838708891722495,6993499969797663180,131072 /prefetch:1
    3⤵
    PID:2056
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3404 --field-trial-handle=1364,i,12771838708891722495,6993499969797663180,131072 /prefetch:8
    3⤵
    PID:2068
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3516 --field-trial-handle=1364,i,12771838708891722495,6993499969797663180,131072 /prefetch:8
    3⤵
    PID:2228
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 --field-trial-handle=1364,i,12771838708891722495,6993499969797663180,131072 /prefetch:8
    3⤵
    PID:2640

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
134d930864fa81e9d40db5195f0746a4

SHA1
57f9c70ba0130265999341be984aa007ee6e685c

SHA256
2c4b67ca9d25bc1baa8ee5efc352fefb2739f89e2b29100b5dcae29e6cc16850

SHA512
4be147d27017e41788dda50b5907d8876999f3a2d6100709ee25c50aee5247afb47668f3343571585843f7de3da98081db3fc9d20de4137f7da4cf72fc2015a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
49a0f7851d65b51315e12e51434ae89b

SHA1
e41399fe951af40e23fb1a3579f02d5788f9953b

SHA256
b68d43c494577a517390b4425a1f6f563f104645e41933553a96e1f83b2101e4

SHA512
6d6d758861eb506ac3dcc8cd6362ccd6aa291ab7dc527bbf4b6a684f93a678adf8d87b91738b2fdd7f8a73614be6e756424f9f172a389348ad262718611a1515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Umbral.exe

Filesize
229KB

MD5
d1a1d0ff20cb0de8c91995cfcb92dfcb

SHA1
368601a5e6f9a0fb885d99daa203143f4a139781

SHA256
4e07f1db6d857e4a47a991941152c7a7e56a5a49bd5824affeef97fa2018ffa9

SHA512
75fde06e582d49544cccd4cbfddb5c0cfc7eecba6f48f2ca54aefdb24a3b2bdadff2874afb907fe39d85b2aeb4708831fb8a2fc59c12314ae2517a7c423de764

Download Submit
memory/2124-14-0x000007FEF5A30000-0x000007FEF641C000-memory.dmp

Filesize
9.9MB

Download
memory/2124-0-0x0000000000050000-0x0000000000070000-memory.dmp

Filesize
128KB

Download
memory/2124-2-0x000000001B170000-0x000000001B1F0000-memory.dmp

Filesize
512KB

Download
memory/2124-1-0x000007FEF5A30000-0x000007FEF641C000-memory.dmp

Filesize
9.9MB

Download
memory/2704-13-0x000007FEF5A30000-0x000007FEF641C000-memory.dmp

Filesize
9.9MB

Download
memory/2704-53-0x000000001B3B0000-0x000000001B430000-memory.dmp

Filesize
512KB

Download
memory/2704-10-0x0000000000240000-0x0000000000280000-memory.dmp

Filesize
256KB

Download
memory/2704-73-0x000007FEF5A30000-0x000007FEF641C000-memory.dmp

Filesize
9.9MB

Download