Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

21bfb89940...0N.exe

windows7-x64

10

21bfb89940...0N.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    124s
  • max time network
    132s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    09/07/2024, 02:33

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    21bfb89940c27475155ba34b9c6380a0N.exe

  • Size

    397KB

  • MD5

    21bfb89940c27475155ba34b9c6380a0

  • SHA1

    65a5d8491e9f0e2c67cec9762a17b5614ad9aca6

  • SHA256

    3914d4baa9d3686d98d1ec48e2865e883425140af90e4954c6547e470a617700

  • SHA512

    7e37ac20c2d78e0ae7185a1115bd944891419a41bc662e1bb6ac00ad538ab275c539d6b6fcd0deec4ded20451be1e1d7bf201a113363d09d43b3d86d9aed1071

  • SSDEEP

    6144:fewPKi7GKMxjVFM6234lKm3mo8Yvi4KsLTFM6234lKm3pT11Tgkz1581hW:mpi7G5ZFB24lwR45FB24lzx1skz15L

Score
10/10
persistence

Malware Config

Signatures

  • Adds autorun key to be loaded by Explorer.exe on startup 2 TTPs 34 IoCs
    persistence
  • Executes dropped EXE 17 IoCs
  • Drops file in System32 directory 51 IoCs
  • Program crash 1 IoCs
  • Modifies registry class 54 IoCs
  • Suspicious use of WriteProcessMemory 51 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\21bfb89940c27475155ba34b9c6380a0N.exe
    "C:\Users\Admin\AppData\Local\Temp\21bfb89940c27475155ba34b9c6380a0N.exe"
    1⤵
    • Adds autorun key to be loaded by Explorer.exe on startup
    • Drops file in System32 directory
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2400
    • C:\Windows\SysWOW64\Ecbeip32.exe
      C:\Windows\system32\Ecbeip32.exe
      2⤵
      • Adds autorun key to be loaded by Explorer.exe on startup
      • Executes dropped EXE
      • Drops file in System32 directory
      • Modifies registry class
      • Suspicious use of WriteProcessMemory
      PID:4300
      • C:\Windows\SysWOW64\Eaceghcg.exe
        C:\Windows\system32\Eaceghcg.exe
        3⤵
        • Adds autorun key to be loaded by Explorer.exe on startup
        • Executes dropped EXE
        • Drops file in System32 directory
        • Modifies registry class
        • Suspicious use of WriteProcessMemory
        PID:884
        • C:\Windows\SysWOW64\Edaaccbj.exe
          C:\Windows\system32\Edaaccbj.exe
          4⤵
          • Adds autorun key to be loaded by Explorer.exe on startup
          • Executes dropped EXE
          • Drops file in System32 directory
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          PID:2576
          • C:\Windows\SysWOW64\Ephbhd32.exe
            C:\Windows\system32\Ephbhd32.exe
            5⤵
            • Adds autorun key to be loaded by Explorer.exe on startup
            • Executes dropped EXE
            • Drops file in System32 directory
            • Modifies registry class
            • Suspicious use of WriteProcessMemory
            PID:4940
            • C:\Windows\SysWOW64\Ekngemhd.exe
              C:\Windows\system32\Ekngemhd.exe
              6⤵
              • Adds autorun key to be loaded by Explorer.exe on startup
              • Executes dropped EXE
              • Drops file in System32 directory
              • Modifies registry class
              • Suspicious use of WriteProcessMemory
              PID:3424
              • C:\Windows\SysWOW64\Enlcahgh.exe
                C:\Windows\system32\Enlcahgh.exe
                7⤵
                • Adds autorun key to be loaded by Explorer.exe on startup
                • Executes dropped EXE
                • Drops file in System32 directory
                • Modifies registry class
                • Suspicious use of WriteProcessMemory
                PID:1332
                • C:\Windows\SysWOW64\Ejccgi32.exe
                  C:\Windows\system32\Ejccgi32.exe
                  8⤵
                  • Adds autorun key to be loaded by Explorer.exe on startup
                  • Executes dropped EXE
                  • Drops file in System32 directory
                  • Modifies registry class
                  • Suspicious use of WriteProcessMemory
                  PID:1804
                  • C:\Windows\SysWOW64\Edihdb32.exe
                    C:\Windows\system32\Edihdb32.exe
                    9⤵
                    • Adds autorun key to be loaded by Explorer.exe on startup
                    • Executes dropped EXE
                    • Drops file in System32 directory
                    • Modifies registry class
                    • Suspicious use of WriteProcessMemory
                    PID:2320
                    • C:\Windows\SysWOW64\Fjeplijj.exe
                      C:\Windows\system32\Fjeplijj.exe
                      10⤵
                      • Adds autorun key to be loaded by Explorer.exe on startup
                      • Executes dropped EXE
                      • Drops file in System32 directory
                      • Modifies registry class
                      • Suspicious use of WriteProcessMemory
                      PID:1280
                      • C:\Windows\SysWOW64\Fqphic32.exe
                        C:\Windows\system32\Fqphic32.exe
                        11⤵
                        • Adds autorun key to be loaded by Explorer.exe on startup
                        • Executes dropped EXE
                        • Drops file in System32 directory
                        • Modifies registry class
                        • Suspicious use of WriteProcessMemory
                        PID:4412
                        • C:\Windows\SysWOW64\Fjhmbihg.exe
                          C:\Windows\system32\Fjhmbihg.exe
                          12⤵
                          • Adds autorun key to be loaded by Explorer.exe on startup
                          • Executes dropped EXE
                          • Drops file in System32 directory
                          • Modifies registry class
                          • Suspicious use of WriteProcessMemory
                          PID:4192
                          • C:\Windows\SysWOW64\Fdmaoahm.exe
                            C:\Windows\system32\Fdmaoahm.exe
                            13⤵
                            • Adds autorun key to be loaded by Explorer.exe on startup
                            • Executes dropped EXE
                            • Drops file in System32 directory
                            • Modifies registry class
                            • Suspicious use of WriteProcessMemory
                            PID:3620
                            • C:\Windows\SysWOW64\Fkgillpj.exe
                              C:\Windows\system32\Fkgillpj.exe
                              14⤵
                              • Adds autorun key to be loaded by Explorer.exe on startup
                              • Executes dropped EXE
                              • Drops file in System32 directory
                              • Modifies registry class
                              • Suspicious use of WriteProcessMemory
                              PID:3876
                              • C:\Windows\SysWOW64\Fbaahf32.exe
                                C:\Windows\system32\Fbaahf32.exe
                                15⤵
                                • Adds autorun key to be loaded by Explorer.exe on startup
                                • Executes dropped EXE
                                • Drops file in System32 directory
                                • Modifies registry class
                                • Suspicious use of WriteProcessMemory
                                PID:2968
                                • C:\Windows\SysWOW64\Fjmfmh32.exe
                                  C:\Windows\system32\Fjmfmh32.exe
                                  16⤵
                                  • Adds autorun key to be loaded by Explorer.exe on startup
                                  • Executes dropped EXE
                                  • Drops file in System32 directory
                                  • Modifies registry class
                                  • Suspicious use of WriteProcessMemory
                                  PID:1304
                                  • C:\Windows\SysWOW64\Fklcgk32.exe
                                    C:\Windows\system32\Fklcgk32.exe
                                    17⤵
                                    • Adds autorun key to be loaded by Explorer.exe on startup
                                    • Executes dropped EXE
                                    • Drops file in System32 directory
                                    • Modifies registry class
                                    • Suspicious use of WriteProcessMemory
                                    PID:4276
                                    • C:\Windows\SysWOW64\Gddgpqbe.exe
                                      C:\Windows\system32\Gddgpqbe.exe
                                      18⤵
                                      • Executes dropped EXE
                                      PID:3032
                                      • C:\Windows\SysWOW64\WerFault.exe
                                        C:\Windows\SysWOW64\WerFault.exe -u -p 3032 -s 412
                                        19⤵
                                        • Program crash
                                        PID:3900
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3032 -ip 3032
    1⤵
      PID:4612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4432,i,4226873509039249198,15952596839998010243,262144 --variations-seed-version --mojo-platform-channel-handle=4584 /prefetch:8
      1⤵
        PID:1004

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Windows\SysWOW64\Eaceghcg.exe
        Filesize

        397KB

        MD5

        d22ac70ecea86dc07ef29edefd580bf1

        SHA1

        8e1069ebce2ca9e285ad0fb9a4af008f4a6989ff

        SHA256

        d53e1f4f6113b4b7783d7f6604529bd8879aa9e1869de593555ff09b371ca77f

        SHA512

        6278c7cecfe3280eba028ad7764b21b7161ff1d62dac340dae0e479a5d6567d36b6613fc4a083a3ea5879d51a4114ef85edfdc97a1771604cd68206b700dddc9

        Download Submit

      • C:\Windows\SysWOW64\Ecbeip32.exe
        Filesize

        397KB

        MD5

        646a436a60fba62ec0343798d7b1718c

        SHA1

        582e62d2f4c818c1bff8c5df4d0b6856e4278b79

        SHA256

        87f2f20e9ecf6c17606b097e8512bda06d9c291ce6348d3d7f783a83c9a069da

        SHA512

        bbfd7a962f2394e16323c2ea27d130e077869eb1c304477f3496d8d16b0da2f15845daaa866830e2fcfa113dd88710a3b32a20527be850c9bb630f7f13d214ef

        Download Submit

      • C:\Windows\SysWOW64\Edaaccbj.exe
        Filesize

        397KB

        MD5

        19ec2b9c6074ece2cef5d79bd383e5e5

        SHA1

        da934e26fc27d8a1b7239daadb8830be5e261fda

        SHA256

        8ebf2f2d73a3d8a707b535fbc540fbe3400cb5ba49336e295d1347ddc341d70d

        SHA512

        2a09218580e0e77a1f6b9ca754931fe462347943b615ddcb22727c01a957fa6e49cebca855bcdf51749a06221f4b164bc54a4cd1060b31f4b52e3ebb80cf9a1a

        Download Submit

      • C:\Windows\SysWOW64\Edihdb32.exe
        Filesize

        397KB

        MD5

        f26ff0b145acf16b4a22f099dbe72fe2

        SHA1

        308f79cc345ef8cdd657306631d530acf74897b1

        SHA256

        47eeff729a5d7627cd2fcfa60e0a3c293a48e5e2493eef6fd6dfca06d462336a

        SHA512

        56233e36170c43a473109b5f106176979792bc8990f6af1e6ae0bc75c1b7bc39322816dca16fa0af0f73faec0cbe362aea26e031cbb716989cdc8dc868df97ed

        Download Submit

      • C:\Windows\SysWOW64\Edihdb32.exe
        Filesize

        397KB

        MD5

        57a3b6e11721254a66d8a99638b48f23

        SHA1

        43187c5fb3faf5e4cd9cf949b1781e43ea5ebfd7

        SHA256

        448250d5329243f4fa7804a2e2d7a5e19e8ab08653c8e376302b58b88a570741

        SHA512

        45dae8960265f5133b62b0425ae79550f16d866c342e7fc94426f53e3d316fd793f30f6ed5dac358ac0a048d60fb96a4aa4ca658555d5f9a46b43b55a54dfc0d

        Download Submit

      • C:\Windows\SysWOW64\Ejccgi32.exe
        Filesize

        397KB

        MD5

        d898e9b71a5bef09a6ffeb91eb8c52ad

        SHA1

        e5fa61112c109375cee7e6f53f63c9bffd844f8e

        SHA256

        c3cab88507a39982621f6d05add7b75aebc1c6d8929cdbfda92e00cd49ce5e8a

        SHA512

        ac12744436d70eb4a1d181916169a35c6926e590c7f87b5b59fd556674f8ff90547245b2069879adf1af7fbec30656038c68ddef3746ccd7f6e201b38cee3e8c

        Download Submit

      • C:\Windows\SysWOW64\Ekngemhd.exe
        Filesize

        397KB

        MD5

        7f765e3866097ee21ad693632282a86c

        SHA1

        80948ff231cd68f01ae18478761c39250f6e39c2

        SHA256

        0bc8e15d6433f4256a3454a5792985b2f6ce1ed2a7ab49902f9efd556f3b378d

        SHA512

        fe043ba1538037bbe5fe68ff9a949311c4663c9b70022ddd3b967ed4b5871585196453f98f6ee6f2b8c5a093cc623b2db5fc3f71b058ed27962061cf82b6fd68

        Download Submit

      • C:\Windows\SysWOW64\Enlcahgh.exe
        Filesize

        397KB

        MD5

        223559e64b73c329be20d3e2218e58fb

        SHA1

        49ff4c330c2960c8496c7f7a3ee037f329ff6e97

        SHA256

        26f84493148a21ffcbcd2a6907a5492578c36c041974c8ac3da6a8eeb5d89889

        SHA512

        e9e517b45a0a30da38ec20b0a7b12bc4f6b2c4d58b538567af582daa2cb6b58e3c8e20d2aa961298f7f3ab6f682f35b236a20fc913992b65c6923c4dd793112a

        Download Submit

      • C:\Windows\SysWOW64\Ephbhd32.exe
        Filesize

        397KB

        MD5

        ab69b6df47c9d527702ea26c2c2cd6b4

        SHA1

        ec77cced8be9d256018d396f5d888ecac1122395

        SHA256

        4386b24c41ddc533cbeb08e4bbd20ea94d054dceb7ab437ad48fd657f2141328

        SHA512

        d7acec8afd9af21e58e67c637ac635fa2c1302c3b4902993ca624aa776e5ee506854d542971d70fec528eeba821bfc22b5bbc17417d16d0d1265e2bc43644b47

        Download Submit

      • C:\Windows\SysWOW64\Fbaahf32.exe
        Filesize

        397KB

        MD5

        b254da2ac72700d7beb09ee5be9074bb

        SHA1

        092658efec7b43f286f1dcac2597d203336f45d9

        SHA256

        afd31c2e1124e4b5ac2b246b176cfba743423dfc9980c0c03273e8134414f140

        SHA512

        b2437c6245db1791d4f83bd18d3bd5378a71fbc0a3771c74fac48f02ee25ccac23e89c53440c86c00457bab4479457979f6acd597222daf83a08e13e3f4ff43c

        Download Submit

      • C:\Windows\SysWOW64\Fdmaoahm.exe
        Filesize

        397KB

        MD5

        8679c5511d8a50362ce2160a04398e4e

        SHA1

        66045908fb45eaf4e6de5c0bda84fcf6f70c2833

        SHA256

        b9ec7788b04cb7421dc9fcc9349dcdded414a920439725c0b28a677149c86cce

        SHA512

        332385ba1071f4a8e025199f34ad948b2d6fa1eb894f61d97c2c0dd6c3bf3de6b0b00fe853dda50021eb466bf72c0248d4864b26e47a2fba1b321af0978ca8bd

        Download Submit

      • C:\Windows\SysWOW64\Fjeplijj.exe
        Filesize

        397KB

        MD5

        d540216d9db5451fbbdcaaaccac9b32e

        SHA1

        ccf56270e330e18f39514906e7cd9a8dbe616343

        SHA256

        a715d1865fdec96552c0cebd284225e716444e61c92cc719b89bc237f87173e7

        SHA512

        c4ca3e8184fc80fde60644e4812ef12d24ac7b9feada961848f454ed5f27389a60bf22a477149a4751ba086831202a1e1ccc16d1139304b540207ef59fc8a530

        Download Submit

      • C:\Windows\SysWOW64\Fjhmbihg.exe
        Filesize

        397KB

        MD5

        f082c64879f87532a87892e5d85da4f7

        SHA1

        7d9cb65e4cfca0b827e0765832d87abad1cc18ed

        SHA256

        5d4f1745b0bdb66877741d03d7c157cf5f466ec7ee78ad37dd6a26715c77fc54

        SHA512

        49b4aae0e39a17f002c70aee8ee9478951ceea019d5622595bcc57674a2c9edd3e0cc6d32e31c22b3301c64d0bc2e931e41fe911106e3eb03c76592d73f26c7a

        Download Submit

      • C:\Windows\SysWOW64\Fjmfmh32.exe
        Filesize

        397KB

        MD5

        9caaecc91f30623efb3aa1300fb5da83

        SHA1

        5cbfa62d70eabd6884daf048203250b22abb2f78

        SHA256

        1d0f186a97ae3325dc34c6efd2af95a52c8bc5f9a828bb50efc0661288e64b61

        SHA512

        394120214167ef68c42f539d81cabff07cf9afaf88cefa3adc9a46b714c84aefce8d4e41c4c8524a07e08d32828ce574e58799c36a63eb2f11af84fff3907a83

        Download Submit

      • C:\Windows\SysWOW64\Fkgillpj.exe
        Filesize

        397KB

        MD5

        d813b41bfa0654a76c9f2391fded394e

        SHA1

        5e28259c88ebb62bf07cca584cd92e841f7b58c6

        SHA256

        d7c773652f1ff072f5453e59dbba86ed71452311ac8522c554624f57756247c4

        SHA512

        af90ca505641c65765b1c9c1be389e77c85314433d71c9ffed0dc38e139660b924327b34bd9e22aad95c9afdca36839a9502158da4049774428e066716c0ab85

        Download Submit

      • C:\Windows\SysWOW64\Fklcgk32.exe
        Filesize

        397KB

        MD5

        6b4e858757885edebe2eb92d8701a008

        SHA1

        2bcfcadf0a0af86360040ceeda93d1d8f2e868d9

        SHA256

        9fbb71d542a5245661ebeb09b560232a77433ffca6fc5994d752819554cf9a01

        SHA512

        26678aadf8ee53ca517726661b005a517481ff59e57fb627ae67bfa59d4086f5dbda1af70801fd85599b2661b535c93e1f34f30e9ff942d46113ae33dd6cb4b0

        Download Submit

      • C:\Windows\SysWOW64\Fqphic32.exe
        Filesize

        397KB

        MD5

        66f5e9798e35310ecfbb3f7ac3681a1a

        SHA1

        4699f5070f4a3d6fa27622713df024cc0ad9de36

        SHA256

        5cdc1faf9dbdf5732c5b09ae8934fc45871bd410f3088806486f479f8b1313ec

        SHA512

        725934accc560b6daa0fdbed4a77b2d3857e39a3627a0536c0ed1d9fe95d139622a22385ef96bb2f08d86df1d5f400524c1efb0658293786ffda6d50a337b757

        Download Submit

      • C:\Windows\SysWOW64\Gddgpqbe.exe
        Filesize

        397KB

        MD5

        9921ce71f72ffe17c156bc39d7f703b6

        SHA1

        cd3f6cf2ffc4005a795ed1c7a602403157049e1e

        SHA256

        0ed5637ba53b1346dcc83127fa8867d03aa64763fd8aa0971d734d88ac1a1a28

        SHA512

        ae22f5391f884abf4b9079fc9cddddb1ed79c69fa1bc9d2bfd9980d7ef9502ae55160331baa8d34ad8e9ab3cf23ef4f09e01b106950d055eb99478de15779cd3

        Download Submit

      • C:\Windows\SysWOW64\Kamonn32.dll
        Filesize

        7KB

        MD5

        b0d56a461789a628f5dc2c7dfcb0da1d

        SHA1

        7038de3913ec9d59f6e7321b4aff4006dd60d62e

        SHA256

        455b57ee3a5cf9adb5f3a72d77347f9a0c9ada38e7c66146b7cb5d29707755d2

        SHA512

        136a8fb17ca46609bc8d3300f55133fb12d18008cd03a26e1be18b87b8ba7c2bd35fbf01821562ffc3b9eae8ef9fbea3f527b2ea848c5b5a6f050cd355c7e0c4

        Download Submit

      • memory/884-20-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1280-153-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1280-72-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1304-119-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1304-143-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1332-159-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1332-48-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1804-157-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/1804-56-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/2320-155-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/2320-64-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/2400-0-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/2400-169-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/2576-24-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/2576-164-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/2968-142-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/2968-111-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3032-135-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3032-137-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3424-44-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3620-96-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3620-145-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3876-149-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/3876-103-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4192-88-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4192-148-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4276-127-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4276-139-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4300-167-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4300-7-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4412-151-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4412-80-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4940-162-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download

      • memory/4940-31-0x0000000000400000-0x0000000000433000-memory.dmp

        Filesize

        204KB

        Download