31118630b521b739250af9cb32b519a6127df0ebb1a6f70a1492d175e6ac849c

Analysis

max time kernel
122s
max time network
125s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12-02-2024 18:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe
Size

4.1MB
MD5

e0473283a4e3a1431b302bb025944b84
SHA1

442816970107fafc4c68ad17cbe07df56eafcfa5
SHA256

31118630b521b739250af9cb32b519a6127df0ebb1a6f70a1492d175e6ac849c
SHA512

e0c43ced37aa8214f533c520e8932ef3b0b89319910b66bee7667e84f0098131ef107eebfc316037eb8e7707c52a731c3006d8d5b7e14174a067795ad90d3577
SSDEEP

98304:iLhySmXjjnsNPWWTPZA67aVo1N6hxvWbrtUTrUHO23:Uy9nsNfZA67ay1wx+NcIOA

Score

7^/10

persistence

Malware Config

Signatures

Executes dropped EXE 6 IoCs

Processes:

@AE5C53.tmp.exe2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exeWdExt.exelaunch.exewtmps.exemscaps.exe

pid process

2408 @AE5C53.tmp.exe
2784 2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe
1724 WdExt.exe
2200 launch.exe
1924 wtmps.exe
2272 mscaps.exe

Loads dropped DLL 11 IoCs

Processes:

explorer.exe@AE5C53.tmp.execmd.exeWdExt.execmd.execmd.exe

pid	process
2248	explorer.exe
2248	explorer.exe
2248	explorer.exe
2408	@AE5C53.tmp.exe
2764	cmd.exe
2764	cmd.exe
1724	WdExt.exe
1324	cmd.exe
1324	cmd.exe
2044	cmd.exe
2044	cmd.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

launch.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-928733405-3780110381-2966456290-1000\Software\Microsoft\Windows\CurrentVersion\Run\Windows Defender Extension = "\"C:\\Users\\Admin\\AppData\\Roaming\\Microsoft\\Defender\\launch.exe\""	launch.exe

Drops file in System32 directory 2 IoCs

Processes:

wtmps.exe

description ioc process

File created C:\Windows\SysWOW64\mscaps.exe wtmps.exe
File opened for modification C:\Windows\SysWOW64\mscaps.exe wtmps.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File created	C:\Windows\SysWOW64\mscaps.exe	wtmps.exe
File opened for modification	C:\Windows\SysWOW64\mscaps.exe	wtmps.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

@AE5C53.tmp.exeWdExt.exelaunch.exe

pid	process
2408	@AE5C53.tmp.exe
1724	WdExt.exe
2200	launch.exe
2200	launch.exe
2200	launch.exe
2200	launch.exe
2200	launch.exe
2200	launch.exe
2200	launch.exe
2200	launch.exe
2200	launch.exe
2200	launch.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe

pid process

2784 2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe
2784 2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe

pid	process
2784	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe
2784	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe

Suspicious use of WriteProcessMemory 58 IoCs

Processes:

2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exeexplorer.exe@AE5C53.tmp.execmd.exeWdExt.execmd.exelaunch.execmd.exewtmps.exe

description	pid	process	target process
PID 2116 wrote to memory of 2248	2116	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe	explorer.exe
PID 2116 wrote to memory of 2248	2116	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe	explorer.exe
PID 2116 wrote to memory of 2248	2116	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe	explorer.exe
PID 2116 wrote to memory of 2248	2116	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe	explorer.exe
PID 2116 wrote to memory of 2248	2116	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe	explorer.exe
PID 2116 wrote to memory of 2248	2116	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe	explorer.exe
PID 2248 wrote to memory of 2408	2248	explorer.exe	@AE5C53.tmp.exe
PID 2248 wrote to memory of 2408	2248	explorer.exe	@AE5C53.tmp.exe
PID 2248 wrote to memory of 2408	2248	explorer.exe	@AE5C53.tmp.exe
PID 2248 wrote to memory of 2408	2248	explorer.exe	@AE5C53.tmp.exe
PID 2248 wrote to memory of 2784	2248	explorer.exe	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe
PID 2248 wrote to memory of 2784	2248	explorer.exe	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe
PID 2248 wrote to memory of 2784	2248	explorer.exe	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe
PID 2248 wrote to memory of 2784	2248	explorer.exe	2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe
PID 2408 wrote to memory of 2764	2408	@AE5C53.tmp.exe	cmd.exe
PID 2408 wrote to memory of 2764	2408	@AE5C53.tmp.exe	cmd.exe
PID 2408 wrote to memory of 2764	2408	@AE5C53.tmp.exe	cmd.exe
PID 2408 wrote to memory of 2764	2408	@AE5C53.tmp.exe	cmd.exe
PID 2408 wrote to memory of 1096	2408	@AE5C53.tmp.exe	cmd.exe
PID 2408 wrote to memory of 1096	2408	@AE5C53.tmp.exe	cmd.exe
PID 2408 wrote to memory of 1096	2408	@AE5C53.tmp.exe	cmd.exe
PID 2408 wrote to memory of 1096	2408	@AE5C53.tmp.exe	cmd.exe
PID 2764 wrote to memory of 1724	2764	cmd.exe	WdExt.exe
PID 2764 wrote to memory of 1724	2764	cmd.exe	WdExt.exe
PID 2764 wrote to memory of 1724	2764	cmd.exe	WdExt.exe
PID 2764 wrote to memory of 1724	2764	cmd.exe	WdExt.exe
PID 1724 wrote to memory of 1324	1724	WdExt.exe	cmd.exe
PID 1724 wrote to memory of 1324	1724	WdExt.exe	cmd.exe
PID 1724 wrote to memory of 1324	1724	WdExt.exe	cmd.exe
PID 1724 wrote to memory of 1324	1724	WdExt.exe	cmd.exe
PID 1324 wrote to memory of 2200	1324	cmd.exe	launch.exe
PID 1324 wrote to memory of 2200	1324	cmd.exe	launch.exe
PID 1324 wrote to memory of 2200	1324	cmd.exe	launch.exe
PID 1324 wrote to memory of 2200	1324	cmd.exe	launch.exe
PID 1324 wrote to memory of 2200	1324	cmd.exe	launch.exe
PID 1324 wrote to memory of 2200	1324	cmd.exe	launch.exe
PID 1324 wrote to memory of 2200	1324	cmd.exe	launch.exe
PID 2200 wrote to memory of 2044	2200	launch.exe	cmd.exe
PID 2200 wrote to memory of 2044	2200	launch.exe	cmd.exe
PID 2200 wrote to memory of 2044	2200	launch.exe	cmd.exe
PID 2200 wrote to memory of 2044	2200	launch.exe	cmd.exe
PID 2200 wrote to memory of 2044	2200	launch.exe	cmd.exe
PID 2200 wrote to memory of 2044	2200	launch.exe	cmd.exe
PID 2200 wrote to memory of 2044	2200	launch.exe	cmd.exe
PID 2044 wrote to memory of 1924	2044	cmd.exe	wtmps.exe
PID 2044 wrote to memory of 1924	2044	cmd.exe	wtmps.exe
PID 2044 wrote to memory of 1924	2044	cmd.exe	wtmps.exe
PID 2044 wrote to memory of 1924	2044	cmd.exe	wtmps.exe
PID 2044 wrote to memory of 1924	2044	cmd.exe	wtmps.exe
PID 2044 wrote to memory of 1924	2044	cmd.exe	wtmps.exe
PID 2044 wrote to memory of 1924	2044	cmd.exe	wtmps.exe
PID 1924 wrote to memory of 2272	1924	wtmps.exe	mscaps.exe
PID 1924 wrote to memory of 2272	1924	wtmps.exe	mscaps.exe
PID 1924 wrote to memory of 2272	1924	wtmps.exe	mscaps.exe
PID 1924 wrote to memory of 2272	1924	wtmps.exe	mscaps.exe
PID 1924 wrote to memory of 2272	1924	wtmps.exe	mscaps.exe
PID 1924 wrote to memory of 2272	1924	wtmps.exe	mscaps.exe
PID 1924 wrote to memory of 2272	1924	wtmps.exe	mscaps.exe

C:\Users\Admin\AppData\Local\Temp\2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2116

C:\Windows\SysWOW64\explorer.exe
explorer.exe
2⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2248

C:\Users\Admin\AppData\Local\Temp\@AE5C53.tmp.exe
"C:\Users\Admin\AppData\Local\Temp\@AE5C53.tmp.exe"
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2408

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Admin0.bat" "
4⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2764

C:\Users\Admin\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe"
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1724

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Admin1.bat" "
6⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1324

C:\Users\Admin\AppData\Roaming\Microsoft\Defender\launch.exe
"C:\Users\Admin\AppData\Roaming\Microsoft\Defender\launch.exe" /i 1724
7⤵
- Executes dropped EXE
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2200

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Admin0.bat" "
8⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2044

C:\Users\Admin\AppData\Local\Temp\wtmps.exe
"C:\Users\Admin\AppData\Local\Temp\wtmps.exe"
9⤵
- Executes dropped EXE
- Drops file in System32 directory
- Suspicious use of WriteProcessMemory
PID:1924

C:\Windows\SysWOW64\mscaps.exe
"C:\Windows\system32\mscaps.exe" /C:\Users\Admin\AppData\Local\Temp\wtmps.exe
10⤵
- Executes dropped EXE
PID:2272

C:\Windows\SysWOW64\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Roaming\Temp\Admin1.bat" "
4⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe
"C:\Users\Admin\AppData\Local\Temp\2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2784

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe

Filesize
2.3MB

MD5
532ce9032e5473b49bfc5c6bfd21b40a

SHA1
349e529adf8bf7183da86cdf71bb5b8d023008d0

SHA256
c361aaac3cb6fcaf76113d2d2cc728a7d840ad8633c1e6d216028753c8287f9a

SHA512
77d439c5c70571f458a207b825420b64af82d7aee29987e1080cf97ed74de47e932899fadd9603a23d7042b522ee7f49364853154cb2fd62847ca2ba617a53f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe

Filesize
8KB

MD5
604a7585c306b97ec755c3169551ccef

SHA1
9f10b534f1d4802b87843a4119e43e96f1094c64

SHA256
6f9a0e9ee940de09981742e56d8886c93b4b31dea240b53c940e0e129c4e7f05

SHA512
ac79045ed7c89eb9083c8a0655c362b5395af12bf350c6bc03f013b8669d319ccfb6a91daba5f2974b8efd53e86e91dc5dfd74538755ff8c92b3271102aa846e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7291.tmp

Filesize
406B

MD5
37512bcc96b2c0c0cf0ad1ed8cfae5cd

SHA1
edf7f17ce28e1c4c82207cab8ca77f2056ea545c

SHA256
27e678bf5dc82219d6edd744f0b82567a26e40f8a9dcd6487205e13058e3ed1f

SHA512
6d4252ab5aa441a76ce2127224fefcb221259ab4d39f06437b269bd6bfdaae009c8f34e9603ec734159553bc9f1359bdd70316cd426d73b171a9f17c41077641

Download Submit
C:\Users\Admin\AppData\Local\Temp\@AE5C53.tmp.exe

Filesize
1.7MB

MD5
14a2e8591d4f03d3b6266fc678871c86

SHA1
547cbbb8092431e4c22611281cd4d715e21bb89b

SHA256
77db225957a11f50ed612a2bc1e8d1959def0c785a3d036ebbcdb6a0521e202c

SHA512
bab96112201a2a0b47aec6c87b0eaf703902a1fcb2cf045911c75c5b8456a89bf34bfc2a284fa1fb49630187db8c1efea8805c4018c663399bcaa27a71e66557

Download Submit
C:\Users\Admin\AppData\Local\Temp\@AE5C53.tmp.exe

Filesize
832KB

MD5
9e3f13b3c9ea1bed1465a8bacc129d9e

SHA1
f810893d4ddf4372b520e4e1a3b278be9ad59830

SHA256
a7e449849a147dbee57fefd7a692c8f5ab515a358ce2614c360143cd827fda98

SHA512
5010e1092cc010ff2a3a681c0b39c719dccf92c740b5fef6ea81c3e3e2b5c7865bcea101c031708279c2f177265a32a2cbf63ab1a50eed2fb4615c9b1cf3bd04

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp6410.tmp

Filesize
1.0MB

MD5
df2c63605573c2398d796370c11cb26c

SHA1
efba97e2184ba3941edb008fcc61d8873b2b1653

SHA256
07ffcde2097d0af67464907fec6a4079b92da11583013bae7d3313fa32312fe8

SHA512
d9726e33fcfa96415cc906bdb1b0e53eba674eaf30ed77d41d245c1c59aa53e222246f691d82fa3a45f049fbf23d441768f9da21370e489232770ad5ae91d32f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Defender\launch.exe

Filesize
172KB

MD5
daac1781c9d22f5743ade0cb41feaebf

SHA1
e2549eeeea42a6892b89d354498fcaa8ffd9cac4

SHA256
6a7093440420306cf7de53421a67af8a1094771e0aab9535acbd748d08ed766c

SHA512
190a7d5291e20002f996edf1e04456bfdff8b7b2f4ef113178bd42a9e5fd89fe6d410ae2c505de0358c4f53f9654ac1caaa8634665afa6d9691640dd4ee86160

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Messenger\Extension\WdExt.exe

Filesize
1.7MB

MD5
d0128b29f4c22df8a93ad8af9596bf64

SHA1
c10f9c19e7d5c2ea54af4e0afea43f19100129d3

SHA256
bd2362349669022971b270fa18084d2058d47e024e579b64158c1548b886042b

SHA512
9c517115130fc6a98a96d8ee37d9f3582b983a3f928d633e86f6033df5ba2d380635e4806989705f06a3a99354b172d0d26947e358032038c1e92db127014c0f

Download Submit
C:\Users\Admin\AppData\Roaming\Temp\Admin0.bat

Filesize
129B

MD5
d1073c9b34d1bbd570928734aacff6a5

SHA1
78714e24e88d50e0da8da9d303bec65b2ee6d903

SHA256
b3c704b1a728004fc5e25899d72930a7466d7628dd6ddd795b3000897dfa4020

SHA512
4f2b9330e30fcc55245dc5d12311e105b2b2b9d607fbfc4a203c69a740006f0af58d6a01e2da284575a897528da71a2e61a7321034755b78feb646c8dd12347f

Download Submit
C:\Users\Admin\AppData\Roaming\Temp\Admin0.bat

Filesize
102B

MD5
1d68f046cd6a9197038fb2445d2bea05

SHA1
d8dca54cfa0b2ad404bce32d5d94634bcfc9b2d7

SHA256
9cddd4b2ac719f01052deef3aa558fbfbcd21d5728215651345c3d2b9ba250d9

SHA512
2720d071fd02b2cf0d9f1de8dd19117fd128f213dd7f66fa8adb00d7873a5de58d2f2618100d28eec85db707d9e34d20258f9a1f76acf75fe668e66722e1cc4c

Download Submit
C:\Users\Admin\AppData\Roaming\Temp\Admin1.bat

Filesize
126B

MD5
15c60bfc35919702b50e362f23e931dc

SHA1
51a8355d85886a9d8c2ad00ebecb2bf71a990c55

SHA256
5b662a61fcfe14f6293f5a41f82f8f35a13aa286464a0f8d75db84b4b0563486

SHA512
95a98a08f4007d8f597bd2b7b9e066c13f111c84e310b9c07093c68608b0ee12bfdb3e5703c1a8c08f41bfa9a865da00389bd970b25e7249ad0a36d94b0ae264

Download Submit
C:\Users\Admin\AppData\Roaming\Temp\Admin1.bat

Filesize
196B

MD5
1bf585f56e3d99e90125dd79b0119115

SHA1
75779322882eb67d7799b731209e1dd02ee9aec0

SHA256
83702c7b4a4f5b424918069ce49657aee485b94a67b2477f70402ea0f83153c2

SHA512
f2a229f0a721bef1a28516dadbb8dab5b1e62be53042a55803c33f540d7fae3130baa44c808be833fedb97e74be66edf59201193bed0757a5d546a965891470d

Download Submit
C:\Windows\SysWOW64\mscaps.exe

Filesize
200KB

MD5
78d3c8705f8baf7d34e6a6737d1cfa18

SHA1
9f09e248a29311dbeefae9d85937b13da042a010

SHA256
2c4c9ec8e9291ba5c73f641af2e0c3e1bbd257ac40d9fb9d3faab7cebc978905

SHA512
9a3c3175276da58f1bc8d1138e63238c8d8ccfbfa1a8a1338e88525eca47f8d745158bb34396b7c3f25e4296be5f45a71781da33ad0bbdf7ad88a9c305b85609

Download Submit
\Users\Admin\AppData\Local\Temp\2024-02-12_e0473283a4e3a1431b302bb025944b84_icedid.exe

Filesize
256KB

MD5
1c1b584485e243b813fde136cb938d62

SHA1
8ae839c31cec4197542c927c29dd8b92444fa713

SHA256
7e81f111717f2b2c6783ae9e38c59acff8b3a811d622235c718e3001818533c7

SHA512
36a43c91fe7ca9807283da171a63bc8b9739afe3b0d318b46395acb4cd34b83decff614fb796de04ee43bf138098b1562e536051c27bec49814bf9e8ad4be06b

Download Submit
\Users\Admin\AppData\Local\Temp\@AE5C53.tmp.exe

Filesize
1.2MB

MD5
d33b8714379100a649e0efe64f588e50

SHA1
226ff2b20b2be641a8b968c46478f6249f5b95a5

SHA256
cc3c6eb1033521e0f22b942763ced6e4113d2b0a90db888866db3d7a60901059

SHA512
e8b2e28335ad73579cdd6784d67218e4de573cf061a32108ea24638137fbf07ab672acd5ddf991157916fb97236d09821dc52eb1847e841b5c397959ad69b763

Download Submit
\Users\Admin\AppData\Local\Temp\@AE5C53.tmp.exe

Filesize
768KB

MD5
eeda532ee10e0fe6c411204bc6af47ab

SHA1
fe682cd00f35080af6c2ed318acb2ba9b9d8ebe2

SHA256
dd3e0c86399eb6c5d3b253bf1607508879d91af7b26923ca24aa0f69d29a03f4

SHA512
c21f953c7b8f7b86f985e61868b82478871e949877f3a44e2b59ae923660ca3186ab965c91ffb2179136fba5efcc8aea735c84d44deb3b29524778c210385894

Download Submit
\Users\Admin\AppData\Local\Temp\wtmps.exe

Filesize
276KB

MD5
75c1467042b38332d1ea0298f29fb592

SHA1
f92ea770c2ddb04cf0d20914578e4c482328f0f8

SHA256
3b20c853d4ca23240cd338b8cab16f1027c540ddfe9c4ffdca1624d2f923b373

SHA512
5c47c59ad222e2597ccdf2c100853c48f022e933f44c279154346eacf9e7e6f54214ada541d43a10424035f160b56131aab206c11512a9fd6ea614fbd3160aa0

Download Submit
\Users\Admin\AppData\Roaming\Temp\mydll.dll

Filesize
202KB

MD5
7ff15a4f092cd4a96055ba69f903e3e9

SHA1
a3d338a38c2b92f95129814973f59446668402a8

SHA256
1b594e6d057c632abb3a8cf838157369024bd6b9f515ca8e774b22fe71a11627

SHA512
4b015d011c14c7e10568c09bf81894681535efb7d76c3ef9071fffb3837f62b36e695187b2d32581a30f07e79971054e231a2ca4e8ad7f0f83d5876f8c086dae

Download Submit
memory/2200-276-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download
memory/2408-12-0x0000000010000000-0x0000000010015000-memory.dmp

Filesize
84KB

Download