dd2f3d7118883fd2d37095ff4abf738f99a23e801935671a56a85594aa6ceb04

Analysis

max time kernel
150s
max time network
122s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
20-07-2024 01:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Velocity Spoofer.exe
Size

19.7MB
MD5

6cb66ac3e7d224dcf60fce2902f50d4b
SHA1

2bf70cf93d9d6ac13916c2affb610f2c6a885764
SHA256

dd2f3d7118883fd2d37095ff4abf738f99a23e801935671a56a85594aa6ceb04
SHA512

1ad4eb84196ff724f715b7338e08c1591fdcb28ddf0786e42cf02fcdcab05cd941e3b0bf43f39705f865ddf77dd9a2c82625441008fb5cd7b890b2bc94f73b39
SSDEEP

393216:l4qMf3RuoaX5L7nFv2TGIlkeBqkRbfxL9tMtbmE/WUnwbZSDUX:lPMvRU1rl+GxeBqkltMtV/WUnwbZ1

Score

10^/10

evasion persistence themida trojan

Malware Config

Signatures

Modifies visiblity of hidden/system files in Explorer 2 TTPs 2 IoCs

evasion

Hidden Files and Directories

T1564.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	svchost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1506706701-1246725540-2219210854-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\ShowSuperHidden = "0"	explorer.exe

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	velocity spoofer.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	velocity spoofer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	velocity spoofer.exe

Executes dropped EXE 6 IoCs

pid	Process
2112	velocity spoofer.exe
2104	icsys.icn.exe
2956	explorer.exe
2904	spoolsv.exe
1312	svchost.exe
2780	spoolsv.exe

Loads dropped DLL 11 IoCs

pid	Process
2384	Velocity Spoofer.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2824	WerFault.exe
2384	Velocity Spoofer.exe
2104	icsys.icn.exe
2956	explorer.exe
2904	spoolsv.exe
1312	svchost.exe

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/files/0x00080000000187ac-6.dat	themida
behavioral1/memory/2112-33-0x0000000000400000-0x0000000001D1E000-memory.dmp	themida
behavioral1/memory/2112-37-0x0000000000400000-0x0000000001D1E000-memory.dmp	themida
behavioral1/memory/2112-64-0x0000000000400000-0x0000000001D1E000-memory.dmp	themida

Adds Run key to start application 2 TTPs 4 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO"	explorer.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Explorer = "c:\\windows\\resources\\themes\\explorer.exe RO"	svchost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce\Svchost = "c:\\windows\\resources\\svchost.exe RO"	svchost.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	velocity spoofer.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\explorer.exe	explorer.exe
File opened for modification	C:\Windows\SysWOW64\explorer.exe	svchost.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
2112	velocity spoofer.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	\??\c:\windows\resources\svchost.exe	spoolsv.exe
File opened for modification	C:\Windows\Resources\tjud.exe	explorer.exe
File opened for modification	C:\Windows\Resources\Themes\icsys.icn.exe	Velocity Spoofer.exe
File opened for modification	\??\c:\windows\resources\themes\explorer.exe	icsys.icn.exe
File opened for modification	\??\c:\windows\resources\spoolsv.exe	explorer.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
2824	2112	WerFault.exe	30

Scheduled Task/Job: Scheduled Task 1 TTPs 3 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
2372	schtasks.exe
844	schtasks.exe
2968	schtasks.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2112	velocity spoofer.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
2956	explorer.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe
1312	svchost.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2956	explorer.exe
1312	svchost.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
2384	Velocity Spoofer.exe
2384	Velocity Spoofer.exe
2104	icsys.icn.exe
2104	icsys.icn.exe
2956	explorer.exe
2956	explorer.exe
2904	spoolsv.exe
2904	spoolsv.exe
1312	svchost.exe
1312	svchost.exe
2780	spoolsv.exe
2780	spoolsv.exe

Suspicious use of WriteProcessMemory 44 IoCs

description	pid	Process	procid_target
PID 2384 wrote to memory of 2112	2384	Velocity Spoofer.exe	30
PID 2384 wrote to memory of 2112	2384	Velocity Spoofer.exe	30
PID 2384 wrote to memory of 2112	2384	Velocity Spoofer.exe	30
PID 2384 wrote to memory of 2112	2384	Velocity Spoofer.exe	30
PID 2112 wrote to memory of 2824	2112	velocity spoofer.exe	32
PID 2112 wrote to memory of 2824	2112	velocity spoofer.exe	32
PID 2112 wrote to memory of 2824	2112	velocity spoofer.exe	32
PID 2112 wrote to memory of 2824	2112	velocity spoofer.exe	32
PID 2384 wrote to memory of 2104	2384	Velocity Spoofer.exe	33
PID 2384 wrote to memory of 2104	2384	Velocity Spoofer.exe	33
PID 2384 wrote to memory of 2104	2384	Velocity Spoofer.exe	33
PID 2384 wrote to memory of 2104	2384	Velocity Spoofer.exe	33
PID 2104 wrote to memory of 2956	2104	icsys.icn.exe	34
PID 2104 wrote to memory of 2956	2104	icsys.icn.exe	34
PID 2104 wrote to memory of 2956	2104	icsys.icn.exe	34
PID 2104 wrote to memory of 2956	2104	icsys.icn.exe	34
PID 2956 wrote to memory of 2904	2956	explorer.exe	35
PID 2956 wrote to memory of 2904	2956	explorer.exe	35
PID 2956 wrote to memory of 2904	2956	explorer.exe	35
PID 2956 wrote to memory of 2904	2956	explorer.exe	35
PID 2904 wrote to memory of 1312	2904	spoolsv.exe	36
PID 2904 wrote to memory of 1312	2904	spoolsv.exe	36
PID 2904 wrote to memory of 1312	2904	spoolsv.exe	36
PID 2904 wrote to memory of 1312	2904	spoolsv.exe	36
PID 1312 wrote to memory of 2780	1312	svchost.exe	37
PID 1312 wrote to memory of 2780	1312	svchost.exe	37
PID 1312 wrote to memory of 2780	1312	svchost.exe	37
PID 1312 wrote to memory of 2780	1312	svchost.exe	37
PID 2956 wrote to memory of 1556	2956	explorer.exe	38
PID 2956 wrote to memory of 1556	2956	explorer.exe	38
PID 2956 wrote to memory of 1556	2956	explorer.exe	38
PID 2956 wrote to memory of 1556	2956	explorer.exe	38
PID 1312 wrote to memory of 2372	1312	svchost.exe	39
PID 1312 wrote to memory of 2372	1312	svchost.exe	39
PID 1312 wrote to memory of 2372	1312	svchost.exe	39
PID 1312 wrote to memory of 2372	1312	svchost.exe	39
PID 1312 wrote to memory of 844	1312	svchost.exe	42
PID 1312 wrote to memory of 844	1312	svchost.exe	42
PID 1312 wrote to memory of 844	1312	svchost.exe	42
PID 1312 wrote to memory of 844	1312	svchost.exe	42
PID 1312 wrote to memory of 2968	1312	svchost.exe	44
PID 1312 wrote to memory of 2968	1312	svchost.exe	44
PID 1312 wrote to memory of 2968	1312	svchost.exe	44
PID 1312 wrote to memory of 2968	1312	svchost.exe	44

C:\Users\Admin\AppData\Local\Temp\Velocity Spoofer.exe
"C:\Users\Admin\AppData\Local\Temp\Velocity Spoofer.exe"
1⤵
- Loads dropped DLL
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2384
- \??\c:\users\admin\appdata\local\temp\velocity spoofer.exe
  "c:\users\admin\appdata\local\temp\velocity spoofer.exe "
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Checks whether UAC is enabled
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2112
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2112 -s 572
    3⤵
    - Loads dropped DLL
    - Program crash
    PID:2824
- C:\Windows\Resources\Themes\icsys.icn.exe
  C:\Windows\Resources\Themes\icsys.icn.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2104
- - \??\c:\windows\resources\themes\explorer.exe
    c:\windows\resources\themes\explorer.exe
    3⤵
    - Modifies visiblity of hidden/system files in Explorer
    - Executes dropped EXE
    - Loads dropped DLL
    - Adds Run key to start application
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2956
  - - \??\c:\windows\resources\spoolsv.exe
      c:\windows\resources\spoolsv.exe SE
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2904
    - - \??\c:\windows\resources\svchost.exe
        
        c:\windows\resources\svchost.exe
        5⤵
        Modifies visiblity of hidden/system files in Explorer
        Executes dropped EXE
        Loads dropped DLL
        Adds Run key to start application
        Drops file in System32 directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1312
      - \??\c:\windows\resources\spoolsv.exe
        
        c:\windows\resources\spoolsv.exe PR
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2780
      - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 01:15 /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2372
      - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 01:16 /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:844
      - C:\Windows\SysWOW64\schtasks.exe
        
        schtasks /create /tn "svchost" /tr "c:\windows\resources\svchost.exe" /sc daily /st 01:17 /f
        6⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:2968
  - - C:\Windows\Explorer.exe
      C:\Windows\Explorer.exe
      4⤵
      PID:1556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\Resources\Themes\explorer.exe

Filesize
135KB

MD5
ff2355e596191ae0c2df24228a37a845

SHA1
89d826ccf6f1757ac99bcf589e736ff317e00d51

SHA256
bd7b2a2d25af634f30c1d63d147a2d031c008b8687e5bf44220908771b68f8c4

SHA512
b1b9c28382444868356886c3f5b1d5373e6d3e617b053fcb13d4054e1e916bc542246225cad430dbed03d5a409777d9f1beb7b9f168af42ad3ffb8329e88fc75

Download Submit
C:\Windows\Resources\Themes\icsys.icn.exe

Filesize
135KB

MD5
fcea7592f5a6d8c6e5cfd07fab4864dd

SHA1
ce01fc7bb1adce3b8d4716a37f2b541b264681e1

SHA256
f0346017cd86cc770065be85c7f959f151d2c1e4e80a9b26cd33831d9fa0facb

SHA512
2851bf5691436af51f9070761fc2c976ee5d4de683efee7d2020284aec93d83d99a495ef9b66c75f7ce7f9e37289c083be408c50133434a1736994d8147929a7

Download Submit
C:\Windows\Resources\svchost.exe

Filesize
135KB

MD5
cb82c6fdd7172e7fbea35a8e74cfcd0e

SHA1
9a9e7134960f204070e8e06e20a0ebbb54f8961c

SHA256
d83fa423022e02b7c46f851a6a4dadec9a2341653f042d08003fc4c057fdb7a4

SHA512
9a3e03956a8536b7e4980b22345b9e12191f96dd5a7b8ebe162c44657ff857d7e571e44787b17467858c81b7bcff10ee93dfb577ca337ec9bb4a0583053c8692

Download Submit
\??\c:\windows\resources\spoolsv.exe

Filesize
135KB

MD5
837cdb0279e7f43ebcc7d8f5bbd909b4

SHA1
d242cc8e436b054acfbeb4891b23e129b06c3510

SHA256
7b45528530e5a59135ab261cba4a2d7a13d9ab1dcbae861c3a2a5096a6a8def9

SHA512
8597199f86de680de5d7ddde1f2e5f616c8ea46044d04ea8d2ecf434606b8bff3d673521bb319138a0cc877de6cc3c9f7a702ea43db365199234aca6d31cd2c0

Download Submit
\Users\Admin\AppData\Local\Temp\velocity spoofer.exe

Filesize
19.6MB

MD5
0043cb93d8ff5d31698fc8682905ed21

SHA1
91579a84f56c6850e9e996508f86cccccbca6744

SHA256
e1b9f69a162f2d05059269bc8da64c6f1d1f799e8da5010545b2f490f6a370b4

SHA512
d61683d0d72403e6d88b8e678c2b3834790611a587a4b7f043d0ddec9619c03aa9293afd16f71a442133ccb793fa0fe5975066a1f0817d19b835683b472a9471

Download Submit
memory/1312-88-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/1312-89-0x00000000005B0000-0x00000000005CF000-memory.dmp

Filesize
124KB

Download
memory/2104-97-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2104-59-0x00000000003B0000-0x00000000003CF000-memory.dmp

Filesize
124KB

Download
memory/2112-26-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-36-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-16-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-15-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-12-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-23-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-30-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-33-0x0000000000400000-0x0000000001D1E000-memory.dmp

Filesize
25.1MB

Download
memory/2112-32-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-31-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-29-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-28-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-27-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-11-0x0000000076901000-0x0000000076902000-memory.dmp

Filesize
4KB

Download
memory/2112-25-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-24-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-37-0x0000000000400000-0x0000000001D1E000-memory.dmp

Filesize
25.1MB

Download
memory/2112-17-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-35-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-34-0x0000000000400000-0x0000000001D1E000-memory.dmp

Filesize
25.1MB

Download
memory/2112-19-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-14-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-20-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-21-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-64-0x0000000000400000-0x0000000001D1E000-memory.dmp

Filesize
25.1MB

Download
memory/2112-18-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-69-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2112-13-0x00000000768F0000-0x0000000076A00000-memory.dmp

Filesize
1.1MB

Download
memory/2384-47-0x00000000003C0000-0x00000000003DF000-memory.dmp

Filesize
124KB

Download
memory/2384-10-0x0000000002D60000-0x000000000467E000-memory.dmp

Filesize
25.1MB

Download
memory/2384-98-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2384-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2780-95-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2904-78-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download
memory/2904-91-0x0000000000310000-0x000000000032F000-memory.dmp

Filesize
124KB

Download
memory/2904-96-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download