isrstealer | 23ee565d880d89eff64c4193d0bf816871c60a2fc87858aaeadb417d21e3df7b

Analysis

max time kernel
121s
max time network
124s
platform
windows7_x64
resource
win7-20240508-en
resource tags

arch:x64arch:x86image:win7-20240508-enlocale:en-usos:windows7-x64system
submitted
04-07-2024 04:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
Size

602KB
MD5

24a8aa62c2e2a5caffcd400552cb60e7
SHA1

5e000929b5493f98f01bd525831a3bf7a46b4cd8
SHA256

23ee565d880d89eff64c4193d0bf816871c60a2fc87858aaeadb417d21e3df7b
SHA512

bcdab6fc977578868371ee1370bf40b47760f080c2a361970256d3cb86a1a22470d3d4b1a07040e9fce4020ed33de04df0e561527a787a751a22c0db75c52a89
SSDEEP

6144:PZv/UtcH4d1yTTJDKjF0iiEt4TS3+D6YPHwQniojGLjwbrRbGydmL+6FGzyd278z:BkGH4dmTJ2J0iN3+DjTniKbbRqXrJ

Score

10^/10

isrstealer stealer trojan

Malware Config

Signatures

ISR Stealer
ISR Stealer is a modified version of Hackhound Stealer written in visual basic.
trojan stealer isrstealer

ISR Stealer payload 5 IoCs

resource	yara_rule
behavioral1/memory/2796-12-0x0000000000400000-0x0000000000451000-memory.dmp	family_isrstealer
behavioral1/memory/2796-8-0x0000000000400000-0x0000000000451000-memory.dmp	family_isrstealer
behavioral1/memory/2796-5-0x0000000000400000-0x0000000000451000-memory.dmp	family_isrstealer
behavioral1/memory/2796-48-0x0000000000400000-0x0000000000451000-memory.dmp	family_isrstealer
behavioral1/memory/316-99-0x0000000000400000-0x0000000000451000-memory.dmp	family_isrstealer

NirSoft WebBrowserPassView 4 IoCs

Password recovery tool for various web browsers

resource	yara_rule
behavioral1/memory/2392-45-0x0000000000400000-0x0000000000454000-memory.dmp	WebBrowserPassView
behavioral1/memory/2392-44-0x0000000000400000-0x0000000000454000-memory.dmp	WebBrowserPassView
behavioral1/memory/2392-39-0x0000000000400000-0x0000000000454000-memory.dmp	WebBrowserPassView
behavioral1/memory/2392-52-0x0000000000400000-0x0000000000454000-memory.dmp	WebBrowserPassView

Nirsoft 4 IoCs

resource	yara_rule
behavioral1/memory/2392-45-0x0000000000400000-0x0000000000454000-memory.dmp	Nirsoft
behavioral1/memory/2392-44-0x0000000000400000-0x0000000000454000-memory.dmp	Nirsoft
behavioral1/memory/2392-39-0x0000000000400000-0x0000000000454000-memory.dmp	Nirsoft
behavioral1/memory/2392-52-0x0000000000400000-0x0000000000454000-memory.dmp	Nirsoft

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064

Suspicious use of SetThreadContext 9 IoCs

description	pid	Process	procid_target
PID 1368 set thread context of 2796	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	28
PID 2796 set thread context of 2648	2796	csc.exe	29
PID 2648 set thread context of 2392	2648	csc.exe	30
PID 1368 set thread context of 316	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	31
PID 316 set thread context of 2488	316	cvtres.exe	32
PID 2488 set thread context of 1876	2488	cvtres.exe	33
PID 1368 set thread context of 2676	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	36
PID 2676 set thread context of 1936	2676	vbc.exe	37
PID 1936 set thread context of 2712	1936	vbc.exe	38

Suspicious behavior: EnumeratesProcesses 52 IoCs

pid	Process
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
2796	csc.exe
2796	csc.exe
2796	csc.exe
2796	csc.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
316	cvtres.exe
316	cvtres.exe
316	cvtres.exe
316	cvtres.exe
2676	vbc.exe
2676	vbc.exe
2676	vbc.exe
2676	vbc.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2796	csc.exe
316	cvtres.exe
2676	vbc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1368 wrote to memory of 2796	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	28
PID 1368 wrote to memory of 2796	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	28
PID 1368 wrote to memory of 2796	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	28
PID 1368 wrote to memory of 2796	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	28
PID 1368 wrote to memory of 2796	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	28
PID 1368 wrote to memory of 2796	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	28
PID 1368 wrote to memory of 2796	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	28
PID 1368 wrote to memory of 2796	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	28
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2796 wrote to memory of 2648	2796	csc.exe	29
PID 2648 wrote to memory of 2392	2648	csc.exe	30
PID 2648 wrote to memory of 2392	2648	csc.exe	30
PID 2648 wrote to memory of 2392	2648	csc.exe	30
PID 2648 wrote to memory of 2392	2648	csc.exe	30
PID 2648 wrote to memory of 2392	2648	csc.exe	30
PID 2648 wrote to memory of 2392	2648	csc.exe	30
PID 1368 wrote to memory of 316	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	31
PID 1368 wrote to memory of 316	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	31
PID 1368 wrote to memory of 316	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	31
PID 1368 wrote to memory of 316	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	31
PID 1368 wrote to memory of 316	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	31
PID 1368 wrote to memory of 316	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	31
PID 1368 wrote to memory of 316	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	31
PID 1368 wrote to memory of 316	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	31
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 316 wrote to memory of 2488	316	cvtres.exe	32
PID 2488 wrote to memory of 1876	2488	cvtres.exe	33
PID 2488 wrote to memory of 1876	2488	cvtres.exe	33
PID 2488 wrote to memory of 1876	2488	cvtres.exe	33
PID 2488 wrote to memory of 1876	2488	cvtres.exe	33
PID 2488 wrote to memory of 1876	2488	cvtres.exe	33
PID 2488 wrote to memory of 1876	2488	cvtres.exe	33
PID 1368 wrote to memory of 2676	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	36
PID 1368 wrote to memory of 2676	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	36
PID 1368 wrote to memory of 2676	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	36
PID 1368 wrote to memory of 2676	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	36
PID 1368 wrote to memory of 2676	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	36
PID 1368 wrote to memory of 2676	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	36
PID 1368 wrote to memory of 2676	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	36
PID 1368 wrote to memory of 2676	1368	24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe	36
PID 2676 wrote to memory of 1936	2676	vbc.exe	37
PID 2676 wrote to memory of 1936	2676	vbc.exe	37
PID 2676 wrote to memory of 1936	2676	vbc.exe	37
PID 2676 wrote to memory of 1936	2676	vbc.exe	37

C:\Users\Admin\AppData\Local\Temp\24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe
"C:\Users\Admin\AppData\Local\Temp\24a8aa62c2e2a5caffcd400552cb60e7_JaffaCakes118.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1368
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2796
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:2648
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /scomma C:\Users\Admin\AppData\Local\Temp\data.dmp
      4⤵
      PID:2392
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:316
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe"
    3⤵
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:2488
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe" /scomma C:\Users\Admin\AppData\Local\Temp\data.dmp
      4⤵
      PID:1876
- C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
  2⤵
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2676
- - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
    "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"
    3⤵
    - Suspicious use of SetThreadContext
    PID:1936
  - - C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe" /scomma C:\Users\Admin\AppData\Local\Temp\data.dmp
      4⤵
      PID:2712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\data.dmp

Filesize
54B

MD5
c10dbeca73f8835240e08e4511284b83

SHA1
0032f8f941cc07768189ca6ba32b1beede6b6917

SHA256
0b6b62094048f0a069b4582f837afcb941db51340d0b16d578e8cbe8603a071e

SHA512
34f7ab8b4ab7b4996b82ffc49198103ef245ee7dd5ccfec793a9ee391b9e9bb30bd3916b4ebeaa9c66a4b5ca42f8572418f16dc83d41073bc94389c19916b967

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\571O1GB8.txt

Filesize
128B

MD5
aa6465f44e25b3e0a6558f611b3a1774

SHA1
898040e9fd25c268c9ce5520968d195b141b5c4e

SHA256
c316af240a25fc0ac6c2cd517f6a45f26a3cc3d9e4ebcdf91f832f1544e9adde

SHA512
8b296b3142b6a43e9c3572528d53c1d356a48816bbab08d8371aa199154833eeb3cd4e2af2f9616cf654b0d115af8231c5d83eb806bd9a25311b5df10b6a8011

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\ATTPYD4J.txt

Filesize
121B

MD5
cb5f99547564701c676361225c0f6e53

SHA1
aae6c87164ad8948fce016152f405f5094343818

SHA256
fb4971a66627b256d9aff43e4df481742c41a5ae7cd0b2f75ed454e958432f00

SHA512
d34a2bb508015827fcc2289faebf49bbaf434f0912a5cf3a6ccc3f68eeae06c0f042a0d8fab99dde64acbe7e64f61689b151f78ac841cbbe9d9120a7e7ac91bd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\KL5O6KPU.txt

Filesize
94B

MD5
1f0c107868b6399925a253ba8e580875

SHA1
af451da2fd64f725da8075c64782aaee5886fdde

SHA256
dd7bb7d8017d471d54c4c2a9b87044772aeee573c3f5eb8f8e4cf4e3b2a3cc3f

SHA512
c937e3e1d1b5a28240a278e8d604c853c67bbfc1f76c3da3341a2577118838f2e241cdd7a02d5b5e0904ebee6574431e18b2e26e570cb31744271fb291cc43d8

Download Submit
memory/316-99-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/1368-130-0x0000000001FD0000-0x0000000002010000-memory.dmp

Filesize
256KB

Download
memory/1368-55-0x0000000001FD0000-0x0000000002010000-memory.dmp

Filesize
256KB

Download
memory/1368-50-0x0000000001FD0000-0x0000000002010000-memory.dmp

Filesize
256KB

Download
memory/1368-11-0x00000000748A0000-0x0000000074E4B000-memory.dmp

Filesize
5.7MB

Download
memory/1368-2-0x00000000748A0000-0x0000000074E4B000-memory.dmp

Filesize
5.7MB

Download
memory/1368-1-0x00000000748A0000-0x0000000074E4B000-memory.dmp

Filesize
5.7MB

Download
memory/1368-0-0x00000000748A1000-0x00000000748A2000-memory.dmp

Filesize
4KB

Download
memory/1368-128-0x00000000748A0000-0x0000000074E4B000-memory.dmp

Filesize
5.7MB

Download
memory/1368-54-0x00000000748A0000-0x0000000074E4B000-memory.dmp

Filesize
5.7MB

Download
memory/2392-44-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2392-45-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2392-39-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2392-35-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2392-52-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/2488-88-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-34-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-42-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-27-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-25-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-23-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-21-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-15-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-32-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-33-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-31-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-19-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2648-17-0x0000000000400000-0x0000000000441000-memory.dmp

Filesize
260KB

Download
memory/2796-48-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2796-4-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2796-5-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2796-6-0x000000007EFDE000-0x000000007EFDF000-memory.dmp

Filesize
4KB

Download
memory/2796-8-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2796-12-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download
memory/2796-3-0x0000000000400000-0x0000000000451000-memory.dmp

Filesize
324KB

Download