Overview

overview

10

Static

static

10

m1f1f3a069...5d.exe

windows7-x64

10

m1f1f3a069...5d.exe

windows10-1703-x64

10

m1f1f3a069...5d.exe

windows10-2004-x64

10

m1f1f3a069...5d.exe

windows11-21h2-x64

10

Resubmissions

10-04-2024 02:28

240410-cyaxtsca43 10

10-04-2024 02:28

240410-cx45aaca36 10

10-04-2024 02:28

240410-cx4hrafc61 10

10-04-2024 02:28

240410-cx37zsfc6y 10

14-10-2023 01:16

231014-bm3ysshd6t 10

Analysis

  • max time kernel
    598s
  • max time network
    601s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240221-en
  • resource tags

    arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    10-04-2024 02:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    m1f1f3a069223072f8d6802a079235d.exe

  • Size

    306KB

  • MD5

    4b36dcaa94c3eca48a6292bd670ffe79

  • SHA1

    705484e61ac39ba02cc80903be0da6ce74333334

  • SHA256

    c2e57e9b6e52a5429ae7a7bd36c57f63589d78fbf0ffe5760ada4a67b9fadec9

  • SHA512

    cf07d7f80264554eb3b945421ca41db38ff79707775d355d478c09f4b64d14f523339295aa4bc9b79c0dbb004e6756585bcf85edc8cbc2d16f7f0481be93513a

  • SSDEEP

    3072:71E/yXS0m2pOVLVewP2D/kIyC+mvXi1QJIkjXAToknBq9tT/8RJ6W3t3dpdQGqKI:7E2mDMtqa5EOTeKXAllKD9bmTneefA

Score
10/10
gurcucollectionspywarestealer

Malware Config

Extracted

Family

gurcu

C2

https://api.telegram.org/bot6209822134:AAHQxD-CI1YDVcNbXijXHlonsEUgv3dfYtg/sendMessage?chat_id=-1001529292045

Signatures

  • Gurcu, WhiteSnake

    Gurcu is a malware stealer written in C#.

    stealergurcu
  • Executes dropped EXE 21 IoCs
  • Reads WinSCP keys stored on the system 2 TTPs

    Tries to access WinSCP stored sessions.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 12 IoCs
  • Suspicious use of WriteProcessMemory 32 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\m1f1f3a069223072f8d6802a079235d.exe
    "C:\Users\Admin\AppData\Local\Temp\m1f1f3a069223072f8d6802a079235d.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:3124
    • C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C chcp 65001 && ping 127.0.0.1 && schtasks /create /tn "m1f1f3a069223072f8d6802a079235d" /sc MINUTE /tr "C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe" /rl HIGHEST /f && DEL /F /S /Q /A "C:\Users\Admin\AppData\Local\Temp\m1f1f3a069223072f8d6802a079235d.exe" &&START "" "C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe"
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:4716
      • C:\Windows\system32\chcp.com
        chcp 65001
        3⤵
          PID:3576
        • C:\Windows\system32\PING.EXE
          ping 127.0.0.1
          3⤵
          • Runs ping.exe
          PID:3708
        • C:\Windows\system32\schtasks.exe
          schtasks /create /tn "m1f1f3a069223072f8d6802a079235d" /sc MINUTE /tr "C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe" /rl HIGHEST /f
          3⤵
          • Creates scheduled task(s)
          PID:4712
        • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
          "C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe"
          3⤵
          • Executes dropped EXE
          • Accesses Microsoft Outlook profiles
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • outlook_office_path
          • outlook_win_path
          PID:4160
          • C:\Windows\System32\tar.exe
            "C:\Windows\System32\tar.exe" -xvzf "C:\Users\Admin\AppData\Local\Temp\tmp39EC.tmp" -C "C:\Users\Admin\AppData\Local\d67800nkmj"
            4⤵
              PID:1544
            • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
              "C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt"
              4⤵
              • Executes dropped EXE
              PID:1660
      • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:3552
        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          "C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt"
          2⤵
          • Executes dropped EXE
          PID:3648
      • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1580
        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          "C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt"
          2⤵
          • Executes dropped EXE
          PID:4888
      • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1908
        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          "C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt"
          2⤵
          • Executes dropped EXE
          PID:4196
      • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2596
        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          "C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt"
          2⤵
          • Executes dropped EXE
          PID:1468
      • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4492
        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          "C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt"
          2⤵
          • Executes dropped EXE
          PID:1600
      • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1460
        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          "C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt"
          2⤵
          • Executes dropped EXE
          PID:4636
      • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:404
        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          "C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt"
          2⤵
          • Executes dropped EXE
          PID:1884
      • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1140
        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          "C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt"
          2⤵
          • Executes dropped EXE
          PID:1560
      • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4144
        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          "C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt"
          2⤵
          • Executes dropped EXE
          PID:2852
      • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1964
        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          "C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe" -f "C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt"
          2⤵
            PID:3524

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\m1f1f3a069223072f8d6802a079235d.exe.log
          Filesize

          847B

          MD5

          486ebddc86ea8b3e965d390d22283a23

          SHA1

          eaffc047f067084867e8575c576a9ec60e094ba8

          SHA256

          50a57273ecb794e53b0622eb841341e2643c11f53fa47356e6e754ab2268171d

          SHA512

          0a50ba02250b38355a6f4fb94e40c61258a74031d9aea7cdf675f3e068f39ec0748ecf292aaf2f94b1963b9d66516ee79aa6c552617048e248774af0ff07189d

          Download Submit

        • C:\Users\Admin\AppData\Local\TeamViewer\m1f1f3a069223072f8d6802a079235d.exe
          Filesize

          306KB

          MD5

          4b36dcaa94c3eca48a6292bd670ffe79

          SHA1

          705484e61ac39ba02cc80903be0da6ce74333334

          SHA256

          c2e57e9b6e52a5429ae7a7bd36c57f63589d78fbf0ffe5760ada4a67b9fadec9

          SHA512

          cf07d7f80264554eb3b945421ca41db38ff79707775d355d478c09f4b64d14f523339295aa4bc9b79c0dbb004e6756585bcf85edc8cbc2d16f7f0481be93513a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\tmp39EC.tmp
          Filesize

          13.3MB

          MD5

          89d2d5811c1aff539bb355f15f3ddad0

          SHA1

          5bb3577c25b6d323d927200c48cd184a3e27c873

          SHA256

          b630008f6d3887793d48b87091e56691e292894dd4fa100dc4a418a2f29dcc12

          SHA512

          39e576124c54143520c5435a2ef9b24506131e13403489c0692f09b89135015d611c4988d4772f8a1e6557fa68b4667d467334461009cee8c2227dfc3e295289

          Download Submit

        • C:\Users\Admin\AppData\Local\d67800nkmj\data\cached-microdesc-consensus
          Filesize

          2.7MB

          MD5

          a0db8a87f7b723266c8b04255da46b06

          SHA1

          4df00ea56d22d88f3d2e005ef66bad5b3ef92ebf

          SHA256

          60b43cdce0f807f7891521f396f53def34a7d98986dbde0faa2a197189c587f3

          SHA512

          41b8fc467d11af7ca6a42c7e94d1b8295ab3ae5d6d186b4f378e6e079440520e8324b695da1134beb2bc1697d2491edcc70c1b75ab6fc66b9c1cb2ecbcdb4a7d

          Download Submit

        • C:\Users\Admin\AppData\Local\d67800nkmj\data\cached-microdescs.new
          Filesize

          6.1MB

          MD5

          cd59fc6f7e5cba6a5341e4a3cd66d64c

          SHA1

          05dbd06cf10edf45fb5d366277ab699336edeee2

          SHA256

          bbf36c47fb4bedaef3faa40f04b392e8e4ecbf7ec414b762d0e355c77d2f0112

          SHA512

          0a0cb620864f2bc1460d9c93a61b884aad1d19715ed951a40fd3ed45d34e1d757f1fdc9ffefb82c23af86e3bec4c2a135079f11176aa19b50de772b61e213606

          Download Submit

        • C:\Users\Admin\AppData\Local\d67800nkmj\host\hostname
          Filesize

          64B

          MD5

          12408ff6c35fb8b80bc7f1c0757c1457

          SHA1

          914f02cca6f72b0079433b3ed39c63addc672721

          SHA256

          92965b1df591abf0fe0ed208635ade348328f00304bca6ea8f3e3d155c288c0b

          SHA512

          f29dbc6b0fc858657cb16d9d470d5b66d432aa3a512359de4218b84a4b016094ebf076612b5c26e31fbc571e93e24ac5f295d73cb89569fb92663f14435136d9

          Download Submit

        • C:\Users\Admin\AppData\Local\d67800nkmj\port.dat
          Filesize

          4B

          MD5

          5b4e9aa703d0bfa11041debaa2d1b633

          SHA1

          b27cce8bfb067bf852b28be6616c9f647bdbaa61

          SHA256

          9b8bc70a7157cb4ae8712a23476fd320e98bc25ed523de6443ab3e9611d7f583

          SHA512

          715feacc88c06c2e788a0e6bed9416e93e99a80d191e93968d94b9b47936277b8b9dc857e4e5250f8beb19beef7044371b672bb929cddd2df5691a369f45eefb

          Download Submit

        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          Filesize

          4.5MB

          MD5

          96a1b14ace4b71309f199214aad7e338

          SHA1

          792ec2489c65768f9688c3e0295cf53153fbbe2e

          SHA256

          719e6913c3de5f8c769b2a0a088402e7542c1ad976ea411a8874f6b71d703d9b

          SHA512

          ed2816bcaa193afe776e382a8361c10c73288691eb774837b1362ead30e3d244e088cf823c6be7c6bb3c37a91b59431c331dd692559449655b22d0496313b85e

          Download Submit

        • C:\Users\Admin\AppData\Local\d67800nkmj\tor\tor.exe
          Filesize

          7.4MB

          MD5

          88590909765350c0d70c6c34b1f31dd2

          SHA1

          129b27c3926e53e5df6d44cc6adf39c3a8d9ebf7

          SHA256

          46fe244b548265c78ab961e8f787bc8bf21edbcaaf175fa3b8be3137c6845a82

          SHA512

          a8af08d9169a31a1c3419d4e6e8fbe608c800d323840563b5a560d3e09e78a492201f07cc0d3864efbff8ad81e59885fc43a6b749e0a3377aa8555df258af192

          Download Submit

        • C:\Users\Admin\AppData\Local\d67800nkmj\torrc.txt
          Filesize

          218B

          MD5

          f8f10a57cd03435b13228a65516a58c7

          SHA1

          212850571ce136177d6b8ea156dee91d695cd7c1

          SHA256

          806958fd2783d5d760042dd2503af84848cb169b434158af2531213a4634e5f9

          SHA512

          82b42516a333fa6167d500ac692d1e8269a8d9d95526c0236f6f3e37436055f463a16ca65d61807a7183747b1a062683ce93519925f6bbb42afb6b4fb8ef730f

          Download Submit

        • memory/404-144-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/404-141-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/404-142-0x00000229C4060000-0x00000229C4070000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1140-155-0x000001B0ED410000-0x000001B0ED420000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1140-154-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1140-157-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1460-135-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1460-132-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1460-133-0x0000017C57CB0000-0x0000017C57CC0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1580-96-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1580-94-0x00000215ED4E0000-0x00000215ED4F0000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1580-93-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1908-102-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1908-109-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1908-103-0x000001EAFF980000-0x000001EAFF990000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1964-179-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1964-176-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/1964-177-0x000001E3FC060000-0x000001E3FC070000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2596-112-0x0000012A72C00000-0x0000012A72C10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/2596-114-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/2596-111-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3124-1-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3124-0-0x00000232335A0000-0x00000232335F2000-memory.dmp

          Filesize

          328KB

          Download

        • memory/3124-6-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3124-2-0x0000023235410000-0x0000023235420000-memory.dmp

          Filesize

          64KB

          Download

        • memory/3552-79-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3552-71-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/3552-72-0x000001E3BEA40000-0x000001E3BEA50000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4144-168-0x000001AA6F760000-0x000001AA6F770000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4144-170-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4144-167-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4160-53-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4160-12-0x000001C91BF00000-0x000001C91BF10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4160-11-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4160-54-0x000001C91BF00000-0x000001C91BF10000-memory.dmp

          Filesize

          64KB

          Download

        • memory/4492-126-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download

        • memory/4492-124-0x00007FFA191F0000-0x00007FFA19CB2000-memory.dmp

          Filesize

          10.8MB

          Download