4b30f308a5f0cf34361f5a53f2d73c523188adbbd9ac264275946197a3a8aa28

Resubmissions

03-03-2024 13:51

240303-q5vgpscb85 10

03-03-2024 13:45

240303-q2r76sbd9y 10

Analysis

max time kernel
150s
max time network
141s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
03-03-2024 13:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ-Destructive.exe
Size

14KB
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ-Destructive.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 46 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c60000000002000000000010660000000100002000000012be52b38d2d35506c61fb467e9a9306c28456f636caf746226577424cb824fa000000000e8000000002000020000000f8efc27ae63e0d4007dc91ed5ae5ba13f2d25fbed53c73aa7247e13bb2183a29200000005419a5be19ccdeb6d9f5709659fb3c2861f8687d70e6729ba95db74824d96324400000002018c9c8151c432c05331f58a667edd4e31f07290f46e789dba5d6aafd0085c2f050a4efa525e30f560527cdb5900104ebda2b076e9716daa0015cc03dfdf618	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000009b106788dea7af4d98683a8983feb7c6000000000200000000001066000000010000200000006b7b591582d013b4ce48e30fe7768c801c4ba8f68a6fe884243398e91a5e365d000000000e8000000002000020000000dd45b09fae432adadae8c9e364b0181d7292494f1719dec6fdb87ee1d3b7283690000000b2b475dfbb803f3dc7ce9ac9df76ef404c0e55361e284c7b1556091f875b5bf9c0a5965ff7a8cfa90260d0e662127e7e00c27d6f41b0e57fca45806fb8e70515e708710a041b89b75ff19dd21b5cd6c93fb6495c17378746b9328af14f5e78fbfa40939e460df2af46998dc62d027c8e877ed60db195fb9efdbcf50f0f840ac68a4b141f298f1013b8c398f7105fb19140000000879931283040c6a6f8ad39f59da5653c000b7e9f6415b9965be78cb3d06588688bcf465fb16344218e7e9254a131309289fe205b333f0ca638aa2e77deb156d8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{AFD7E231-D964-11EE-9DE9-520ACD40185F} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "3"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 70516280716dda01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-2248906074-2862704502-246302768-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2300	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
1340	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
1340	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
1340	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
1340	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
1340	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
1340	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
1340	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
1340	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
1340	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
2616	MEMZ-Destructive.exe
2300	MEMZ-Destructive.exe
1736	MEMZ-Destructive.exe
1288	MEMZ-Destructive.exe
1340	MEMZ-Destructive.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2988	iexplore.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	2232	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2232	AUDIODG.EXE
Token: 33	2232	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2232	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2988	iexplore.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
3000	wordpad.exe
3000	wordpad.exe
3000	wordpad.exe
3000	wordpad.exe
3000	wordpad.exe
2988	iexplore.exe
2988	iexplore.exe
1996	IEXPLORE.EXE
1996	IEXPLORE.EXE
1996	IEXPLORE.EXE
1996	IEXPLORE.EXE
1824	IEXPLORE.EXE
1824	IEXPLORE.EXE
1824	IEXPLORE.EXE
1824	IEXPLORE.EXE
336	IEXPLORE.EXE
336	IEXPLORE.EXE
336	IEXPLORE.EXE
336	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 56 IoCs

description	pid	Process	procid_target
PID 2304 wrote to memory of 2300	2304	MEMZ-Destructive.exe	28
PID 2304 wrote to memory of 2300	2304	MEMZ-Destructive.exe	28
PID 2304 wrote to memory of 2300	2304	MEMZ-Destructive.exe	28
PID 2304 wrote to memory of 2300	2304	MEMZ-Destructive.exe	28
PID 2304 wrote to memory of 2616	2304	MEMZ-Destructive.exe	29
PID 2304 wrote to memory of 2616	2304	MEMZ-Destructive.exe	29
PID 2304 wrote to memory of 2616	2304	MEMZ-Destructive.exe	29
PID 2304 wrote to memory of 2616	2304	MEMZ-Destructive.exe	29
PID 2304 wrote to memory of 1288	2304	MEMZ-Destructive.exe	30
PID 2304 wrote to memory of 1288	2304	MEMZ-Destructive.exe	30
PID 2304 wrote to memory of 1288	2304	MEMZ-Destructive.exe	30
PID 2304 wrote to memory of 1288	2304	MEMZ-Destructive.exe	30
PID 2304 wrote to memory of 1736	2304	MEMZ-Destructive.exe	31
PID 2304 wrote to memory of 1736	2304	MEMZ-Destructive.exe	31
PID 2304 wrote to memory of 1736	2304	MEMZ-Destructive.exe	31
PID 2304 wrote to memory of 1736	2304	MEMZ-Destructive.exe	31
PID 2304 wrote to memory of 1340	2304	MEMZ-Destructive.exe	32
PID 2304 wrote to memory of 1340	2304	MEMZ-Destructive.exe	32
PID 2304 wrote to memory of 1340	2304	MEMZ-Destructive.exe	32
PID 2304 wrote to memory of 1340	2304	MEMZ-Destructive.exe	32
PID 2304 wrote to memory of 2580	2304	MEMZ-Destructive.exe	33
PID 2304 wrote to memory of 2580	2304	MEMZ-Destructive.exe	33
PID 2304 wrote to memory of 2580	2304	MEMZ-Destructive.exe	33
PID 2304 wrote to memory of 2580	2304	MEMZ-Destructive.exe	33
PID 2580 wrote to memory of 2656	2580	MEMZ-Destructive.exe	34
PID 2580 wrote to memory of 2656	2580	MEMZ-Destructive.exe	34
PID 2580 wrote to memory of 2656	2580	MEMZ-Destructive.exe	34
PID 2580 wrote to memory of 2656	2580	MEMZ-Destructive.exe	34
PID 2580 wrote to memory of 2576	2580	MEMZ-Destructive.exe	35
PID 2580 wrote to memory of 2576	2580	MEMZ-Destructive.exe	35
PID 2580 wrote to memory of 2576	2580	MEMZ-Destructive.exe	35
PID 2580 wrote to memory of 2576	2580	MEMZ-Destructive.exe	35
PID 2580 wrote to memory of 3000	2580	MEMZ-Destructive.exe	38
PID 2580 wrote to memory of 3000	2580	MEMZ-Destructive.exe	38
PID 2580 wrote to memory of 3000	2580	MEMZ-Destructive.exe	38
PID 2580 wrote to memory of 3000	2580	MEMZ-Destructive.exe	38
PID 3000 wrote to memory of 2256	3000	wordpad.exe	39
PID 3000 wrote to memory of 2256	3000	wordpad.exe	39
PID 3000 wrote to memory of 2256	3000	wordpad.exe	39
PID 3000 wrote to memory of 2256	3000	wordpad.exe	39
PID 2580 wrote to memory of 2988	2580	MEMZ-Destructive.exe	40
PID 2580 wrote to memory of 2988	2580	MEMZ-Destructive.exe	40
PID 2580 wrote to memory of 2988	2580	MEMZ-Destructive.exe	40
PID 2580 wrote to memory of 2988	2580	MEMZ-Destructive.exe	40
PID 2988 wrote to memory of 1996	2988	iexplore.exe	42
PID 2988 wrote to memory of 1996	2988	iexplore.exe	42
PID 2988 wrote to memory of 1996	2988	iexplore.exe	42
PID 2988 wrote to memory of 1996	2988	iexplore.exe	42
PID 2988 wrote to memory of 1824	2988	iexplore.exe	44
PID 2988 wrote to memory of 1824	2988	iexplore.exe	44
PID 2988 wrote to memory of 1824	2988	iexplore.exe	44
PID 2988 wrote to memory of 1824	2988	iexplore.exe	44
PID 2988 wrote to memory of 336	2988	iexplore.exe	45
PID 2988 wrote to memory of 336	2988	iexplore.exe	45
PID 2988 wrote to memory of 336	2988	iexplore.exe	45
PID 2988 wrote to memory of 336	2988	iexplore.exe	45

C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2304
- C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2300
- C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2616
- C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1288
- C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1736
- C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1340
- C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of WriteProcessMemory
  PID:2580
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:2656
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:2576
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3000
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:2256
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=dank+memz
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2988
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1996
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:406552 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1824
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2988 CREDAT:472094 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:336

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x7c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2232

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
81ab07a0e8a5aeb4ef5037a35ad5e80e

SHA1
807699680de32236ca125cf89f65e1a1396a082e

SHA256
7b4cf07c19a58f15c5b8cfa6d4eb363fea8470860cc995d6d70614fc7015d019

SHA512
27c9cfea522fec8dadedf8f277038086dee95a241473428568e3cd2887c2bdac1ed937872cdd32fc38712ac1f0a66996c6ca839c911189a08d208eede1615e25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_BE7DA50ED4C167DC2E87819405C6BB24

Filesize
471B

MD5
53c9a34bc08eeeeb2b4a89cf23f0b8fe

SHA1
0658ec2aeaf8b4963cce201389c8e8740cfdf1f5

SHA256
3a0cbf4f359cee41b7818ccef795a174ce82ccfc6bf00463b86dbd4aa9f08a50

SHA512
1ae8db15df66b18010cabc9f4d50834d49c2d3346593e49a35906f10cb1de4edd7c95cfc65232aa0162d7c635790805cdeeba2b5ad74fbe60e94429ceaa010f2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
43173c7eb3873cce8dddb3e9f1719d90

SHA1
9c39a2099320d14d0d7f30c6baec80df8e3809e5

SHA256
df79aebab1d10c91f30c4b6b77a5329ddb465a17e3c9626bb684738e66420039

SHA512
5d687a27a62d3faad0ae9c3a035ae5c86cc94a3ab2054ed36a6d9effa02bed40a9a2b49fc5d9b947f93d9d9bfe95638bfceb9741d37be607f5e103c710ed9451

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
ac8ff17aca5e2f7688240dacc08478fa

SHA1
e4e25b6ce435473902574b1eab112e87ce4d84fe

SHA256
84fba1a353987ee15652ed48a57dff606a7dfbe34fbb4fd883a6145b674ab4b1

SHA512
e11512e3e8bec7bb12cbbfaaacf0fec20cc8239276cb4dcdac7d42b565917bedf4c05433309642d479ae75454c3b47b8af7dd57682f66991817a66c4a8b91585

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2d810bdbbae0227bbc615f2258f04dcd

SHA1
0e4208631e41cc8a0b58777d871159e170b6aefe

SHA256
a8747bfb084c851cd4ca0354642fe3192cd17efb1941348ffbe12c597244ea43

SHA512
5f3d33d6eecb61134ec066736b5ee7827b83da1302afc895771bed5c7ed33672ed1cd34a83fba81f42a0a481e073ddbf7518befe073ef9768e96ac843508abcb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
81dc4de11ecaff27915ace3e71d257fd

SHA1
8867e4dd0caeec7ea219af965e7e3cf8307537d2

SHA256
595c65da2a6c24c823a0269366a62641a6295e227f9bcee68b91ae124b0403d1

SHA512
829119b331f89880a49ad39a3885a1a6d61c93a7ee4217ae35aa8d073608330bd8576d89e376de391094615613c0b8ddcf02c70351a3326fdd7a3f53dbefeb4f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
be3e24fbc70f7c2ce5daec5a72b3d1da

SHA1
2ac3720c2e80273e93dfbb364851310f94949272

SHA256
ce4cd280eb1970bf9a537fd7ab700ad98fedd8ba90e653bd89175ef67e35e224

SHA512
dda58d8aeded3428e7f3fb42333249b0912f14656bafbdcda62541de1e73d537622629625214b5e3c4197760b6950071c29496ab76818cc25a3b2c56d67209ce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
52fc5a65dd2aee3520f0cdc8b93c78ab

SHA1
77909c7b00ec4c17a56ff7d44473798ef1f3fb2c

SHA256
982fff47486e25c3341b19b1b42e59434b35552681445936af4cbe692280a3d8

SHA512
0893f4608a6ff1bd6aae1e8228a2ed186e656098955a6b19fdc7acfe7a5992769c624b3b6cc575137d1941ba8d3b8c3e5c820a156cc9b49c7f460d2c467fa3ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
af1009b03be8926be0be71c6a4b1f122

SHA1
cc792bc56bf4e153dd4b1619dc66b80f92b82735

SHA256
c68c6e88993d1915eed3c414d42916bd4e788e73bc418bd3ca8304d59e23bd5b

SHA512
c33a93f4c7ac7c6d30b15b3a0aeb28292623c7e7b58ed090c5874a6d0088c8c6a7816ddf5d73d083d9215f689570fbde999cffe33ea9888800bbf1f4535088bd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
40d0e0385c32a629fe4681504c97788b

SHA1
296a74ad58d6844407983901e9bac3a8e39ee85f

SHA256
714e76614cc7893793d0de857c79d9ba1a9f2ea1df053d03db9a52f0f09bcd71

SHA512
e2bdfe9b4c189f8c2babab18910d679cc5da0fe1174d550aaead9f1f6019797917036450dfb881b2cdb2fd8d93891152c4c9df1b8c18a742cd78c3703c76f1ef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
177d9387c41fccecc59c206502c8c432

SHA1
bc38d5ee59879e47eec2e311b6b9a194720e7668

SHA256
f839ed66d441118c1cbec436d56196aecdde2dbf011dccd565ecbdf9f330de66

SHA512
b7f6f99163c373f2cd2f2a0fd44747c42ded2bb246a26d522a267eb2ee197a274fc4dbcd48dba0cb2afa9c07998563663993380e40917b28e29ea27b3fcebafd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
c869510ce455622123b124d743a1a901

SHA1
ed712922dbf71af375729a9db00defa6cc4a1b23

SHA256
568108589c447cec98c061007036706a91749d9708d771bc8ac81fbda9b829a9

SHA512
b98ee12098ceb372bd34ce27b29fc5af0388a951787e88b346c9e9aeccfc310cbc559dc08d6724af75070abcf3914b48450775fb2760c8599a0ea0f66b8af73f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
398d34b1dce52312606ce1ebc4756d38

SHA1
6196935ab2289f3645adfa0e2bcaeb5a0b25565b

SHA256
e9ed0a406212b744f0e93c8600e4f102e7cd801b6dce9583b202188e4bbc739b

SHA512
6e736838024a971197fe954a40cb0816add64adab0b47d76046c34c464ed9afc8aae5ed4b88c091ab71e823eed59aeb91e07af1356fb3501b24d6ebbf139c73d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f42d9bc6ceb3da98c23d2b4263e54943

SHA1
e25eff8e9d430c8c9a05a94a103fe692cd5be553

SHA256
8e6b7520626df56f1c3c638501fff285784be1daa24d2540436ec2454682b38d

SHA512
b07f1a556cf5f468a0189d5e5fc1fba25548d4c6b792cf03fa422595e77f976cc7e5d659ec0fff0ec696190cffa39b607be6388de81a221fc42b4f58ac542cc1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
019639bef2c9f3fcd2a0ca938909df69

SHA1
9c2f564953126e4abd36514e94f36b1e21bb953f

SHA256
881ef80bc39622201ebdde4ca4b93be60171369b8637ca948756f15c46a35707

SHA512
6a9eaa98d87dad9cb0698d072ad02a11ee8f2958ad1d3e644afe76a772542b2644744f0d1129fec99da88bfe1e91da5c3d9f253e2af118e8280356c30d975208

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_BE7DA50ED4C167DC2E87819405C6BB24

Filesize
406B

MD5
7e10d9083017f10eb31f3c456bff148e

SHA1
63ec185e721cb7fcf6a7e2f85f4908962a5776f8

SHA256
d0f4a3dcde6c15aeea3e1129a8d725db5b50542804bfc58413b5ed7ffe4f6c40

SHA512
ebc4e6cd6bb73bc78eadc7164b728dca080c4822e1e928585dbe42efb92a918f72695de055b5851d7f2a6b5a0e71c4cb9597beefe34566f36134025533aa96b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\5UZYTVLX\www.google[1].xml

Filesize
99B

MD5
43e59ba62f782bcaca50a5ce2261abc6

SHA1
f5d238927b5dacf9a46c8b7ecdbf36055f1d6716

SHA256
feccdc3891d1a7113e845d59ba8a88e7a45de37e2fc64bab4574a28b770809a5

SHA512
17aefa7ee53722547abb0df279b8cdf2c214768ecf026a304fa63fe7ec05003aec65ac4532179490c6b9ac04160f6de83b44b5f47bcffa081fef32c6b766810f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92bocja\imagestore.dat

Filesize
5KB

MD5
1a3cd54ff32e3a9db4a4831850e44aaa

SHA1
66ac8a7e3b807d1eaaa48d17e1a8d4743b4581df

SHA256
3ea2f83e021d5754cab26ab5f224d0f0600bc648919ab6dcaee802d5759f2e36

SHA512
dff92a507027cf06baaf9b1d0c8d20cc9b70eb65e66483bf7a150069a418dbf88e5d3ba3f0af8bfa20c809ae3a6477051fafd203124b10ef2d12a7d32996afaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\webworker[1].js

Filesize
102B

MD5
bcf077e54d883df9bb7dc3e0bcac3ded

SHA1
48be834541645c4f5f77789b5d5edd35ae10e83f

SHA256
c8decb7c7d17d6353f74d740f2afba7886d2c53e0b3d10a44ae1ad7738316ff9

SHA512
ffe81f03493d2d9a6b2bbc2a1398b7a72be15a8e9ae9fb61eef540214b12033038517c6db72834409feb074653da6bd5c577551797fff5318569a42f6f1d769c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\logo_48[1].png

Filesize
2KB

MD5
ef9941290c50cd3866e2ba6b793f010d

SHA1
4736508c795667dcea21f8d864233031223b7832

SHA256
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

SHA512
a0c69c70117c5713caf8b12f3b6e8bbb9cdaf72768e5db9db5831a3c37541b87613c6b020dd2f9b8760064a8c7337f175e7234bfe776eee5e3588dc5662419d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\recaptcha__en[1].js

Filesize
491KB

MD5
884d00314602d7cb55bbcd2e909f7310

SHA1
dcb353b63aefc091523915f4562a819c31463611

SHA256
2c6a3425cec9ba0cbcfcf1dbba2120a72ac369674a6d02e06bd3b0c16efbdcf7

SHA512
50091f9e37dcf299bc8cf9cfeed4e71709011713ca0701be0ff79c4fb42699c9f9894cbc3a0819b3fece4f698c2201d403b987e6a76a259fbf58fb19e493b87c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf

Filesize
34KB

MD5
4d88404f733741eaacfda2e318840a98

SHA1
49e0f3d32666ac36205f84ac7457030ca0a9d95f

SHA256
b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1

SHA512
2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf

Filesize
34KB

MD5
4d99b85fa964307056c1410f78f51439

SHA1
f8e30a1a61011f1ee42435d7e18ba7e21d4ee894

SHA256
01027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0

SHA512
13d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\KFOmCnqEu92Fr1Mu4mxP[1].ttf

Filesize
34KB

MD5
372d0cc3288fe8e97df49742baefce90

SHA1
754d9eaa4a009c42e8d6d40c632a1dad6d44ec21

SHA256
466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f

SHA512
8447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\styles__ltr[1].css

Filesize
55KB

MD5
eb4bc511f79f7a1573b45f5775b3a99b

SHA1
d910fb51ad7316aa54f055079374574698e74b35

SHA256
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

SHA512
ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\TrkBqBAA-aS2zfRFivzOT01UANX8bQoFEDiMg6e3nFU[1].js

Filesize
23KB

MD5
e51858514367a90506a465ee3f5977f2

SHA1
171bd8620c82ea5a18379faa738410f52a0c23ba

SHA256
4eb901a81000f9a4b6cdf4458afcce4f4d5400d5fc6d0a0510388c83a7b79c55

SHA512
ac072a1959d01c284e93cac34fbc7632ef54a522ce60b8e9546a25132a14fd34457f86bd48def48834f7523b23fe689b4fcfd4215607c3dd767a3f951bbf4472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OOWQLMJV\api[1].js

Filesize
850B

MD5
d0e48e3d0045d85a0cb71725b215739d

SHA1
ad0647e24920f0815162d595058df31e28430d4d

SHA256
26cd1a6781274af995e5e8cb91f7327d0817f0ec2c943e710af00ae20c80363e

SHA512
582f5605d98c48b372dfe7445b8b2abe0f339cb15f39ca625e02004a684d3c01ea5a8dd78e5eb6485ab839ff09cad364d20dd2a70a8c6d5a9e6bdd9ae16fdf01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9C9F.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab9DCA.tmp

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9CA1.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar9DDF.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\CK111NOP.txt

Filesize
125B

MD5
cf84c8e34f68e74bcfbcf45c072e7315

SHA1
27f19ab2bc4ca8c3d7ea33b17ed7da169cd156ca

SHA256
7a820c9b2aae10bce1a4d9be7a6e7062aa81006e60127dd9d1e237683c711c23

SHA512
231972294d5b7fe7b634daab2997e1c016f934b2546749cc16d36d50e6b1b2fbc29208a807ec16deaef887321b3adb7061df0521a92695e7869814402cdf6785

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/3000-2-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download
memory/3000-4-0x0000000002410000-0x0000000002411000-memory.dmp

Filesize
4KB

Download