Analysis

  • max time kernel
    144s
  • max time network
    143s
  • platform
    windows7_x64
  • resource
    win7-20240220-en
  • resource tags

    arch:x64arch:x86image:win7-20240220-enlocale:en-usos:windows7-x64system
  • submitted
    09-04-2024 22:00

General

  • Target

    9526cd74d58b547a2ea7eeca03bdbf81676c70a21cfeac78495a341d5b7230cb.exe

  • Size

    1.2MB

  • MD5

    85aedcd17cc1f2acd0b31ccfe24ce3b4

  • SHA1

    0aef8bcb6bd6b6a08e116fb6fa9049bda4b1cc36

  • SHA256

    9526cd74d58b547a2ea7eeca03bdbf81676c70a21cfeac78495a341d5b7230cb

  • SHA512

    cf94ddcf2e6469a5e3f413bdb13e049bb843ca553f1ec1bebd12ee1cc67bf4733a53b148541c013f06179085b98a352dc0d4bf462efb6de13641505935765eac

  • SSDEEP

    24576:6A7ox3Lqj9XRaZCrtlsDXeJcxMeetso+z8D6dAD8l26whnV:6TYXVtwlnetso+/dAQ0HhV

Score
9/10

Malware Config

Signatures

  • UPX dump on OEP (original entry point) 13 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 6 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Drops file in Program Files directory 10 IoCs
  • Modifies Internet Explorer settings 1 TTPs 39 IoCs
  • Suspicious behavior: EnumeratesProcesses 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 4 IoCs
  • Suspicious use of SetWindowsHookEx 16 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\9526cd74d58b547a2ea7eeca03bdbf81676c70a21cfeac78495a341d5b7230cb.exe
    "C:\Users\Admin\AppData\Local\Temp\9526cd74d58b547a2ea7eeca03bdbf81676c70a21cfeac78495a341d5b7230cb.exe"
    1⤵
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2808
    • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
      c:\users\admin\appdata\local\temp\\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2544
      • \??\c:\users\admin\appdata\local\temp\wmpscfgs.exe
        c:\users\admin\appdata\local\temp\\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2320
      • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1808
    • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe
      2⤵
      • Executes dropped EXE
      • Drops file in Program Files directory
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2620
  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    1⤵
    • Modifies Internet Explorer settings
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:2476
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:275457 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:2636
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:2476 CREDAT:865285 /prefetch:2
      2⤵
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      PID:1584

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Internet Explorer\wmpscfgs.exe

    Filesize

    1.2MB

    MD5

    6e599a439c88b64c9e2add0fc92969d2

    SHA1

    547a21988f34e8b9577f9b0ebba257d6be740439

    SHA256

    6989268125da85303e5e5ddd3410965d9dc31c02b0b871b4d9f1997faec90cac

    SHA512

    245f05fcaecc8324479411ffc435e6547a7c260c0c2c3ed326aca38563f812277acaf9bbfe5d9a5796ffce2651bd161e2234310e570e868c50a09cb855643fa3

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

    Filesize

    68KB

    MD5

    29f65ba8e88c063813cc50a4ea544e93

    SHA1

    05a7040d5c127e68c25d81cc51271ffb8bef3568

    SHA256

    1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

    SHA512

    e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c1902768dca635b52faf1eb2c4683bce

    SHA1

    8754af6bb7ef15f96fb7e59029d99ec864f77fcb

    SHA256

    9a365e8c3c4fc128172d6d9acb2d02275302f63cc22604ae2aea1a52192dcf34

    SHA512

    d44b56f79de7db856061a5da3845f6c3d1ef74aa18f4126e9d7899c32139bc5f41fc2f2a46c971727d1dba9b8d849bc6b0c853574e9533b42ec1a58ce269652f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3f9437c24147fc4e32354b65edbdbe95

    SHA1

    4f2976f6bc97deacf83fbce3811a3dd91e24d5c0

    SHA256

    5ad08d01e6f5ca549bb3ca95a248b50bd9823a128f045a36e8f9b880902d5e39

    SHA512

    308c46d73ef9d0526615dfcfeea5dcc50fabad57a55689c2faf98feb11ad4492a8a1176f01f81d43cefc76beb9c48f808285dc53f02f468103ae4baed6fc1e2f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6e6e8de87300614ab375c9e2372c0320

    SHA1

    929a0c9389c16e422159f411d16d4618d057c308

    SHA256

    aee43ef099d09ac2bd0b56320817c94ecc7a937b289089cdacd1b91084a31062

    SHA512

    61c342bdcb94386bc6045f0e9dda928f291c4f323c21a79a4958dd8fcc590cb18a86573bb0276b8d68f596c6c8d8c43c00a5430237d075ee57f49b1676dedeff

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    77962085b8a71f28bbf23a9aa1dd5f7f

    SHA1

    b36df1ecf54dd31f4183564af74854b9511d0ec1

    SHA256

    bca7aebf44a1b7cecb80daf46b417565fd9d54601d4d0557bdb0e556ee7e4f65

    SHA512

    38395e1007aec67d43019346bbb2bccb03d787e0cbfcde5ed3834c6bff4833336e91934f08434e4caa95f2023ba9167535452e766e24e6ba6d5bcd54c03d6d81

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    344888aff7dfcdd44de769759ef1f567

    SHA1

    3db6989f0f8e1938e554a852ee16d5f7f2f27813

    SHA256

    6c04d184f01253de3abd32fd2bd11b03880a57d0f05cf96b5b6903313d72e6c1

    SHA512

    598f41ad5fa37f2517a1212579604d18a53585f91bfa2c8337a1a9cf6103238967fcf0c584277e6b94e09a41ad7c479d04e98525815ef161f37c66bb639a9451

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    7980b3fcdb8f8eeb60acbcc08d6f56a8

    SHA1

    2009a7759935cad54de14f0ac3538e65c1d8f4df

    SHA256

    32090917503209c300849eef2fc6243fe166e367b639b14f9270dcbe4fa9a34f

    SHA512

    2b9d3d1d9f70c084be6ea41f912fab7d6cebce956d29efa8fd659bfd9475073bb3779a79584b262a6616cf4d4aaaa82fbcabd86bf199ab1484960b08a277fb60

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    4f384d16206bcb3ccfe9af8597061d04

    SHA1

    f28aacc5afc2a2a55b66deae2fa1ef48a6498bce

    SHA256

    a0073ddb340f0cba2bc5ac3f7803ec19da86f30e434236c77eaab3ab1bfa3519

    SHA512

    0a995093ac8a7db83524160dac5858e4fa21ada612e97cf175fd7b458b551324d6947a03108ed5e57f4dc9aad487f8e9cc4f98db2a85e49d357d0df8a421be07

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    34dd5ba96f415659bd67eee24a33ef2e

    SHA1

    c4c7c35ae1fb8db8188cf151e9fb9f1a237aeb06

    SHA256

    f443c377e438ae5d03de50976ac293f600d62f5e0663868d1f35feb43c05bdd1

    SHA512

    b831c0c4a22445deb65eaf146e65a8a43e29950a0a5a16069e2d8a288c8b0201284fe0aeeca875c96f426c7ba6d88fd4bcec902e2bc4b85e8d2785f16f325388

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    e88b21a0b45faacf2ed1ff9d8c2e0933

    SHA1

    3cdc543f579a25c6167d9ad174f2ec9496ecee3f

    SHA256

    295a05b6c3e6b43a99651ecb0ab87e3d9e06432f6a531eb0965e12db6542f380

    SHA512

    bb343925627aba4ce13da3ec2674e0a087df88a330b49b0b27d1b161e477238ac478283492cb65ff24940a2749ce3cb7a2f724cf7e7ad54797882a86ed19bb13

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    2d87089c8c6b4fd315043b7a52dbf5f2

    SHA1

    259a971710cd3df0202e316b47a9701d6eb10579

    SHA256

    eb8e86996a64e4ecd77c48ec91232553844c29cb429061f1ad72c6389d308629

    SHA512

    5f7687aa9aa51f756a0e7f03a7f8e7aad49036686416ca0f0ad59d319d3b242c1381c1ba4cb0ed8192757962ffbb9d648a37030dc4e391491415871076dd3afb

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    3dd0de9bea5f44b622a7d344c3c7ae19

    SHA1

    a469fb0df5725c3a7039346064977c0cdd60beb9

    SHA256

    a22fc08c2fd427c05ca17a02a22332843066de203725b3243192bc825f8436a6

    SHA512

    8014d611ea558357c116cdca334dc9b429bbf67ae1d581319b08c5b4ed14a945043188c85b10663b313573210c75423911eb6094f0600c786ff87536ba691bad

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    6e78e29978e54ee18067d4c4623f4ee9

    SHA1

    288b1a58cbc12d4fa91091c01efcbda575413621

    SHA256

    4562a01ea9f24d09b5939da71034adc9b7b6893039bf3ed29de76ffe04fea431

    SHA512

    85cdfa63bf7a48f23e362db35eb45e80b4282c281cb875a2cc266be4d82e2a25285378ce31b5f7efb946f431b2959286133f3d1e2a2f0c088672620970a5b15f

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    cb897ef350710aa397f7c7f3668a8f69

    SHA1

    9b874a17c2f11f319329a791c0168ce395d82607

    SHA256

    2eef316df8ef02b9dc1b8e826ed5c30d1151c64c41c6e2c49929f265aed54735

    SHA512

    23d91401ee7d119248ec3df05ce4e97c4398d641ee53005536188ff59483149c268f08e6f82c11e2e2d07af8eaefd02e1773ad4bb146c90a05235cdf1c9a4886

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    8d481a00957ae448ba6b9f72abf3bd78

    SHA1

    4960f80240ace639259a455128548c9c2a5ed9d9

    SHA256

    4ea662328f37a9659be1c6bbbea13df2a0b9f3e9b4bb02e0f158d2b063a975cd

    SHA512

    7ad8dfed13b13f50300e78c6e7a6e1cb75294e0707666122e2aabb522bab835ebbc278574e5746f1fed0c0298fcc8a092a18dc72299d4a6f697fb8bdfe80d4ee

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    b6fe6ba172dee3fd5ddf112e4de50d1c

    SHA1

    a6cfbbf5fa60c5918c81ac8be1c5e731b9bce3eb

    SHA256

    fc5c7c3c66f43c7790b1dfcef80897c91dc3e2d10d41bb7b7c06825fdf66d8dc

    SHA512

    08570a35595141ac81eab59afff566af56e880af8dffa5772ea68bdcaa06c425e5e269d674433e0d901090bf3ce27dd882f4cba3d4182749b8c3f9c7b4574648

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    564ff1b7a0d58fb949ed3db7f0d0c985

    SHA1

    192cb26a547a8ddb30fd3e9d5bb9c13355057df7

    SHA256

    9332d1f9ded68ae4f462abe8f98f63231b1788cc4d84e842d782d029ff813fae

    SHA512

    1d5494308cccf12dbbbe4090036f6581613449ef2b0c82b65ac5e6017b1a296d83ce946ee02895d2bc718bfb159728aa8df794cc1cfcd8d19c09005e9abd543e

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    c20936d33f5dbc06aad1b2a761560d09

    SHA1

    453cf6105190a22ca2cfc60f3519954d18a2c8f7

    SHA256

    07e7312a4d6883bc5b3ebef0b33cd25eddbd0624fa8b0603d7c009672f8a881b

    SHA512

    a74be770665522c96fd0e8fe9c44fe68bc99463689326aab1b1fc8efe45819936631a9aea5db923079c8ac458b31991aadd9138a4c257198e761b3c927da336c

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    f7eb728d662d5e0c3699fca786172b99

    SHA1

    15be60aa4fad40cd3ccd0ea3ef5c7ffb2b70b7a5

    SHA256

    4b4e594be3aa67a8d66846234fd32c1751481146a07d7756fa2508d39d171eb7

    SHA512

    56795683457a386e1ef34fec037db1f79b6caaa408d1657b3c35ec71e81789a0d42ad27f307b3e9f249a7940f1f0b6929293e8b9d506300724d356eb958b6264

  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

    Filesize

    344B

    MD5

    957b22af578f99c26b44aba6cccf22bb

    SHA1

    226be32d9c69df1f3dd2eb153a6b2bd279cb7280

    SHA256

    e9fbdbe50a4adcb8de462d2012d3b4a66521858df00cc64f961835ea6c35acb6

    SHA512

    e7b642c7e3a9665f052c6683314ed7487ccdfea9b73466705b82680e24fa09713b531a2321eb42eb7c020dd1aaa302d6755a3aa36172229a6190acdd8cf2749f

  • C:\Users\Admin\AppData\Local\Temp\Cab7754.tmp

    Filesize

    65KB

    MD5

    ac05d27423a85adc1622c714f2cb6184

    SHA1

    b0fe2b1abddb97837ea0195be70ab2ff14d43198

    SHA256

    c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

    SHA512

    6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

  • C:\Users\Admin\AppData\Local\Temp\Tar7827.tmp

    Filesize

    177KB

    MD5

    435a9ac180383f9fa094131b173a2f7b

    SHA1

    76944ea657a9db94f9a4bef38f88c46ed4166983

    SHA256

    67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34

    SHA512

    1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a

  • C:\Users\Admin\AppData\Local\Temp\wmpscfgs.exe

    Filesize

    1.2MB

    MD5

    6ca44103600f24f1c8770c3dfda99e9c

    SHA1

    f1a71b4fb39c80939018d1c0a0775f783e55da6d

    SHA256

    0ea98fab4fa534d4bd40798af55a992cef4e22e346c193cd2a85f27d9ca81967

    SHA512

    36b4bcffe785658c69dc661682fa10d55f9e4bd6a460b86c451ba968ded90eee660258a5b694b4a6287d0336f391cd3557ac1c09d184daf63bacc0dfa23c0edc

  • C:\Users\Admin\AppData\Local\Temp\~DFECE58C76103AA852.TMP

    Filesize

    16KB

    MD5

    26723ae829853d407cdbff89e93e3eb6

    SHA1

    0884d080c36d65079b96790f7d25bee97d5b3992

    SHA256

    169676bebef01c3930070a73098ae4b8e57bf5ab219c9d6adce9d010b2c4370c

    SHA512

    157cde0e50c532a79be6c7f03c0fa3f92e6d86d35434819fa11815d2fd564479d5a2494a9bfdbb2559b47a97d57e09f180016314dcd764670fb6672abbb82fbc

  • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\70S6H34B.txt

    Filesize

    107B

    MD5

    035978dc4e00386c6098acc7017eb0c2

    SHA1

    6b803e1aed7b64ef92ebcbaab3cf950baad84a81

    SHA256

    245a5d2539a8db6e455ff06d51c0fa2825193e723c1726cd213debf33a70da9e

    SHA512

    0d74c43be705dba211b6ff76fd6e238e5b9c618400ec6e1e3bdbcb5fec706263cfb09826ef871a52f4204c73270d6d3550d39c79fbf7e7ba66ca6f96f3dd9733

  • \??\c:\program files (x86)\microsoft office\office14\bcssync.exe

    Filesize

    1.2MB

    MD5

    8460c2a2817551ace33a84d7e79edcd3

    SHA1

    03122e819e1a970ece7e6f764df6175fe35a3bbd

    SHA256

    2623f59af16d20132273709e9be51171d32cfb455344cfaaf70e7274d7946b20

    SHA512

    db6c818e47985e10f026e036fc692222a2dc0b03f90d2c1e064d46393ce66ff96e4b95868bcdda3b38d04509596b5fa51b4e066137c3c3954b1219b727200f7b

  • memory/1808-70-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

  • memory/1808-61-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

  • memory/2320-71-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

  • memory/2320-59-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

  • memory/2544-34-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

  • memory/2544-60-0x0000000000340000-0x0000000000365000-memory.dmp

    Filesize

    148KB

  • memory/2544-62-0x0000000000530000-0x0000000000532000-memory.dmp

    Filesize

    8KB

  • memory/2544-556-0x0000000000340000-0x0000000000365000-memory.dmp

    Filesize

    148KB

  • memory/2544-26-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

  • memory/2544-28-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB

  • memory/2620-43-0x00000000001E0000-0x00000000001E2000-memory.dmp

    Filesize

    8KB

  • memory/2620-35-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

  • memory/2620-27-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

  • memory/2808-0-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

  • memory/2808-16-0x00000000007B0000-0x00000000007D5000-memory.dmp

    Filesize

    148KB

  • memory/2808-24-0x0000000000400000-0x0000000000425000-memory.dmp

    Filesize

    148KB

  • memory/2808-17-0x00000000007B0000-0x00000000007D5000-memory.dmp

    Filesize

    148KB

  • memory/2808-58-0x00000000007B0000-0x00000000007D5000-memory.dmp

    Filesize

    148KB

  • memory/2808-1-0x0000000010000000-0x0000000010010000-memory.dmp

    Filesize

    64KB