ef49eea09e5da6d6326ceaddc2d879da8c8b91f1e227790b604f71d9bca549a6

Analysis

max time kernel
142s
max time network
125s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24/07/2024, 00:27

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
Size

4.3MB
MD5

0b6e5a98890ca3fb6e957c2d70c2a879
SHA1

adbf188f65a645b3067b8b71790391473062488d
SHA256

ef49eea09e5da6d6326ceaddc2d879da8c8b91f1e227790b604f71d9bca549a6
SHA512

a0d92e6d71a9d0d501d90fcfc9a1493e6e21ea0a187dab6535fc5ba39eca854672754c09c48746ea588be31442ed62dbd683695c25d4d20409ab3afdfb8dc30b
SSDEEP

98304:3pq/d8kCBAlMyQjujDW9tBcg2jGqwwASMmhdWuVIaN3fu+ekQwtsIukB3tiXe:ocf5ujyp8jGqwwvrVIaNvu+ekteyNtme

Score

7^/10

discovery evasion trojan

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe

Loads dropped DLL 39 IoCs

pid	Process
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
4824	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe

Suspicious use of WriteProcessMemory 3 IoCs

description	pid	Process	procid_target
PID 4168 wrote to memory of 4824	4168	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe	84
PID 4168 wrote to memory of 4824	4168	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe	84
PID 4168 wrote to memory of 4824	4168	2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe	84

C:\Users\Admin\AppData\Local\Temp\2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
"C:\Users\Admin\AppData\Local\Temp\2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4168
- C:\Windows\temp\7DAD55393594FE11186F2CF22FDB532B\2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe
  "C:\Windows\temp\7DAD55393594FE11186F2CF22FDB532B\2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe" -initialNonSecureSetupPath="C:\Users\Admin\AppData\Local\Temp\2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Checks whether UAC is enabled
  - System Location Discovery: System Language Discovery
  PID:4824

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\93701B50-4953-11EF-81F6-C22FF2BD35B2\downloader_fr-FR.ini

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\kl.setup.ui.core.dll

Filesize
89KB

MD5
2c8f5ec07cb84d844e3fdee32b2a8e00

SHA1
2e27daffed27a7e6ee3adc50eef1710da318ca32

SHA256
8d5bd8184fbc3f79ea9edc2c25e1a5a935514518c3fba89bde308c06722375f9

SHA512
ef37109b456a68d55dee8a45340e25cb9901909b30f9f882f62060951bec20d838561dbe5ebe0480aa2feb668c6ffbb2137ed2f69cd3d6337c6f38cf395f6eca

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\kl.setup.ui.dll

Filesize
278KB

MD5
1bebc399a1b31eabc3361169df0316d1

SHA1
56091143fafa680dc65dd5f2b5d6fafa94590041

SHA256
894914e74da8c8faf8bb9b34e0f9b586db3cb248c3f6edb715a7cb8c930dd66b

SHA512
d0d1fb7e23391a352f6bb3d5756dbbcd5a3558e0c477b265453931940a223dfa31cafe20232a9d08fbb127158bce325dd8b769e7bb62907be89019cd3f02f1ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\kl.setup.ui.interoplayer.dll

Filesize
56KB

MD5
baf69d3c6977161e0c2b631b3f9958d4

SHA1
a1b2982c11811c4e5f6bce95f3072a855d11c369

SHA256
e6392d0cf3a5984034ca0b346476d7482243550ddd0c65a8c0ff2f03a15867bc

SHA512
2fb765d07638d239b666d4043f9ae75e91dc271ddf399dfe5bfd1c894bcabb95e6e965b478f5208687d9ebaa18cdafd6fc3400cd47694fd9db4ac30f3f1d5839

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\kl.setup.ui.visuals.dll

Filesize
420KB

MD5
6181240bc579d2dfb176a1ca260f5a90

SHA1
eb13b6cd4a242c8399396795d1863954b8d79507

SHA256
b07c4d99d4cbb62b31a425e60c993b809c7043518a9ef0b7b561abd180a1b768

SHA512
f5bb4bdd05836c494a560dc9aa16d62d29b90df7c5854d4a97b8e274890dd1476de955637237867a666c1f08785f5dc06d571e023b124530ee87cf6fdb98689f

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\kl.ui.framework.dll

Filesize
264KB

MD5
2ad2ab4f8517da8e2efdfed22ad49f1e

SHA1
55916e3e5c4c40cf2e5644fbad07baf31459673e

SHA256
6efe8efc6701c80d59ad33bd139aeca1b47a27f49d3ccc16ed01a49da9bfc2e7

SHA512
12800c7d475af627c98cecb6e6c2de8247094166126978e24bd8be3f7193828781e853ee10b3133c989d625f0e2860ce4551369d864748b70db4ec220c515bbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\kl.ui.framework.localization.dll

Filesize
283KB

MD5
079ac68d4beb2ab9602d754b09ff652b

SHA1
90032834cc5cffd0b00119e4e38b5f4c5f877e4c

SHA256
9377c35b19c30ee75c010b1e592796daf1d3493b397ef9d61a1c63a5ab30a88e

SHA512
53782adc516950888ec69b21e744fe4d7f8567223e7c067e362800c78e3621dc148d5aa19f6011962bece1ada3691ef1ef40838a8072480c54aeedb2f4e0c9b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\kl.ui.framework.uikit.b2c.dll

Filesize
631KB

MD5
445e34aa976419cae54e13ede8d41ce5

SHA1
98ca3ee808f97ae16970b0fcefd3387bd07278eb

SHA256
a255bb5dfaa685d7443dbc8bb7fca71417c8f0b1f617ade7077ee437a23a9b24

SHA512
86b4084cf781d4efbb814fce3ed6ca48addbf4c15c5ed3630673350cf65056a80e2a9bc00581a45ae370a64f0bc720d506622eccd9d7ef170814faab1cce14c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\kl.ui.framework.uikit.dll

Filesize
2.7MB

MD5
18defb1e3b7460f592a8ca61e4b40ff0

SHA1
8f8f7d7d1ee8a048d162603cc21a0f4c40b9036b

SHA256
02a884babc5584fec80b227eb1c52dc800c516f1117ff9637617ad84c632da9d

SHA512
7cbdc0c113a0c7ff9628674a8a23f4224290455d4a9a41a66889d01baf1f28b0175197c3078a791ecf6b2052c3fdfc35cf38cfae5bf5917bde80f82499d40b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\setup.dll

Filesize
5.5MB

MD5
4aa1564586c4595889750d22df0d5678

SHA1
89051a7f1021278b7826e177f27f6344bb06c10d

SHA256
a405d44b3eb79276b1dad1232632464e97814a8ac9da8d969adc7b97632d933d

SHA512
5ef9fdf9092fb8cdd884a86a4536962288a3c41d484cd9664c04db1d4465a71677cda87f41bd31bb9a502b93f77c45c5b1d1163e0da1f7423a8aa5d3213496e6

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\sharpvectorconverterswpf.dll

Filesize
137KB

MD5
a56a73b39703d5ff85b5cf12f9b00009

SHA1
e6448c87f969e19ae4c6514d69d8286d26a2b5db

SHA256
bb5966185017d904d2d7fd952bcc6d5c19fdf6bbbe34ab29c63a3784cd1074c7

SHA512
7fa07a1fcc0735186ee71b3c123b1c4076f04dba5ad319588ea695ef117ab7c39918593e4ee42f18cbd3fe01d043e896981ca6f07293fc2fb0a9bce5d66992b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\sharpvectorcore.dll

Filesize
201KB

MD5
24e3b7177eeabdf085a01796b49c8e55

SHA1
6916a0bb98892252f59692fd0405e6da62af0f8b

SHA256
eab963926cf2d62b575c6f33804372fea04db328b2b3f0adfb45fee3f27e5386

SHA512
5e377e609673f3d84e22d070012578b8a18fce848a3815d9da05e10043d3e9fde8070094d1841acb44a4f876d8741e371a5fbcc86cce80cdf826131370a41e64

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\sharpvectorcss.dll

Filesize
109KB

MD5
726d04bbe783a3510b18a491adac05c0

SHA1
11a01c68204dd80b32c01dcdb2e51f5b0ee34d98

SHA256
639e091c9e87986eaf9fe00f0f401834e14878ebc48084697fd4307713a065ca

SHA512
90592ddef83b6640cf8f28f0818098f95acc4139c7b3f5e8afa63bb873530be1613d42ee02dae12160737ee612187fc0139e19ee4a7f1abb3fec1fcaee1ae297

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\sharpvectordom.dll

Filesize
55KB

MD5
e4f6efef27708458ecda4ee22edf3cef

SHA1
07ccb5fa980dead816737ad83802cbfed18e4a4f

SHA256
413e485d8dd07231d70107d86ee1a17ce705517aed8346b4701747d1fdbfdfc3

SHA512
4920e508304df14041df1189938a1102e4a71e2e57ac4b9b804b6b0405c89c8292012a5ff4dae21268204ed6d9b56a279f4ce18d709074d1cba71cc9d5e11a1d

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\sharpvectormodel.dll

Filesize
998KB

MD5
225a73e5a0cf87453832b578db6daddb

SHA1
a36717a1b2c7eb2ba160fec5fa80e48b9e57c4ac

SHA256
0499708762c56b9339c980e731ffab294e9b18362af3dcb4ad4481f1c7bd60c1

SHA512
565ee2105bd626650857e0e6f9c8f7d87a68c3ec41923de119a3b710038a4785e16ccf79feb4c1c4f8a308f682163089228ac4ac81295cea754ae1189311c965

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\sharpvectorrenderingwpf.dll

Filesize
203KB

MD5
faec58e7785c287a7c688f274207048d

SHA1
66c038c720035b7212a7d3733da4520e3b95d63b

SHA256
4c76dd0441a8021a308be24cf0c1957bee280451abcc1467acf47f1a6f7f5dce

SHA512
9269a91a5bab01f076d8e9fde2991463fb224dc6382f8cde3a118e83cb35bdf580b4ea7686f2ea767a2a9c04650222edfc3a8b2569978b734c51b7135915448e

Download Submit
C:\Users\Admin\AppData\Local\Temp\F4B107393594FE11186F2CF22FDB532B\sharpvectorruntimewpf.dll

Filesize
69KB

MD5
0e203d24d04e89779638dd70d5335b39

SHA1
98ffc3718c6e34bd6d696bbcce605db666f99b01

SHA256
f15b5199850b8ed98d2202972ada759823a17893a68d60ca3a0f76ee31aeb204

SHA512
a07f54cce2add948340807b8ecf430e72c07032332046e5dd05d9da90f7d732921c0ff628592ff0710914ec9d9b7188b46377e1594a9f9809a107a022de1cfee

Download Submit
C:\Windows\Temp\7DAD55393594FE11186F2CF22FDB532B\2024-07-24_0b6e5a98890ca3fb6e957c2d70c2a879_avoslocker.exe

Filesize
4.3MB

MD5
0b6e5a98890ca3fb6e957c2d70c2a879

SHA1
adbf188f65a645b3067b8b71790391473062488d

SHA256
ef49eea09e5da6d6326ceaddc2d879da8c8b91f1e227790b604f71d9bca549a6

SHA512
a0d92e6d71a9d0d501d90fcfc9a1493e6e21ea0a187dab6535fc5ba39eca854672754c09c48746ea588be31442ed62dbd683695c25d4d20409ab3afdfb8dc30b

Download Submit
memory/4168-3-0x0000000077912000-0x0000000077913000-memory.dmp

Filesize
4KB

Download
memory/4168-2-0x0000000077A70000-0x0000000077A80000-memory.dmp

Filesize
64KB

Download
memory/4168-1-0x0000000077A70000-0x0000000077A80000-memory.dmp

Filesize
64KB

Download
memory/4168-0-0x0000000077A70000-0x0000000077A80000-memory.dmp

Filesize
64KB

Download
memory/4824-45-0x00000000740C0000-0x0000000074870000-memory.dmp

Filesize
7.7MB

Download
memory/4824-40-0x00000000740CE000-0x00000000740CF000-memory.dmp

Filesize
4KB

Download
memory/4824-88-0x0000000007280000-0x00000000072C8000-memory.dmp

Filesize
288KB

Download
memory/4824-93-0x00000000740C0000-0x0000000074870000-memory.dmp

Filesize
7.7MB

Download
memory/4824-84-0x0000000006F10000-0x0000000006F26000-memory.dmp

Filesize
88KB

Download
memory/4824-80-0x0000000006950000-0x0000000006992000-memory.dmp

Filesize
264KB

Download
memory/4824-116-0x00000000740C0000-0x0000000074870000-memory.dmp

Filesize
7.7MB

Download
memory/4824-107-0x0000000007FC0000-0x000000000805E000-memory.dmp

Filesize
632KB

Download
memory/4824-97-0x0000000007EB0000-0x0000000007F1A000-memory.dmp

Filesize
424KB

Download
memory/4824-127-0x0000000007A90000-0x0000000007AB2000-memory.dmp

Filesize
136KB

Download
memory/4824-52-0x00000000061A0000-0x00000000061E6000-memory.dmp

Filesize
280KB

Download
memory/4824-128-0x0000000008890000-0x0000000008922000-memory.dmp

Filesize
584KB

Download
memory/4824-123-0x0000000007AD0000-0x0000000007B04000-memory.dmp

Filesize
208KB

Download
memory/4824-48-0x00000000740C0000-0x0000000074870000-memory.dmp

Filesize
7.7MB

Download
memory/4824-139-0x00000000086E0000-0x00000000087DA000-memory.dmp

Filesize
1000KB

Download
memory/4824-44-0x0000000003940000-0x000000000394E000-memory.dmp

Filesize
56KB

Download
memory/4824-143-0x0000000006460000-0x000000000647C000-memory.dmp

Filesize
112KB

Download
memory/4824-92-0x0000000007590000-0x0000000007850000-memory.dmp

Filesize
2.8MB

Download
memory/4824-135-0x00000000065B0000-0x00000000065E2000-memory.dmp

Filesize
200KB

Download
memory/4824-7-0x0000000077A50000-0x0000000077A60000-memory.dmp

Filesize
64KB

Download
memory/4824-147-0x0000000006450000-0x000000000645E000-memory.dmp

Filesize
56KB

Download
memory/4824-8-0x0000000077A50000-0x0000000077A60000-memory.dmp

Filesize
64KB

Download
memory/4824-10-0x0000000077912000-0x0000000077913000-memory.dmp

Filesize
4KB

Download
memory/4824-151-0x00000000064E0000-0x00000000064F2000-memory.dmp

Filesize
72KB

Download
memory/4824-164-0x000000000C3E0000-0x000000000C418000-memory.dmp

Filesize
224KB

Download
memory/4824-165-0x0000000008980000-0x000000000898E000-memory.dmp

Filesize
56KB

Download
memory/4824-9-0x0000000077A50000-0x0000000077A60000-memory.dmp

Filesize
64KB

Download
memory/4824-191-0x0000000008810000-0x0000000008818000-memory.dmp

Filesize
32KB

Download
memory/4824-192-0x00000000740C0000-0x0000000074870000-memory.dmp

Filesize
7.7MB

Download
memory/4824-193-0x00000000740CE000-0x00000000740CF000-memory.dmp

Filesize
4KB

Download
memory/4824-194-0x00000000740C0000-0x0000000074870000-memory.dmp

Filesize
7.7MB

Download
memory/4824-195-0x00000000740C0000-0x0000000074870000-memory.dmp

Filesize
7.7MB

Download
memory/4824-196-0x00000000740C0000-0x0000000074870000-memory.dmp

Filesize
7.7MB

Download
memory/4824-197-0x00000000740C0000-0x0000000074870000-memory.dmp

Filesize
7.7MB

Download
memory/4824-198-0x00000000740C0000-0x0000000074870000-memory.dmp

Filesize
7.7MB

Download