695718581438e27bfda6cfec46303d6d56dd477a705e99017c13849c75859087

Analysis

max time kernel
121s
max time network
125s
platform
windows7_x64
resource
win7-20240708-en
resource tags

arch:x64arch:x86image:win7-20240708-enlocale:en-usos:windows7-x64system
submitted
10/08/2024, 21:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

mfx.exe
Size

712KB
MD5

576f5615625177aeb25a4ee47382483e
SHA1

3a6197ac32f4c5d2345ac0e9fb4c3bb78c8cf198
SHA256

e5838c1f19536bb27cf1fded43c988606b74a6ae10cee1b603a13f5688fe84f8
SHA512

e655a6c567f039646768223863d101755dbeb28de55403a4b507b6eb77f8c3fe18bc734d0bdfa826487a73cabb2f1c9415598f811e79dcd1a8ac97eed499a257
SSDEEP

12288:BbltTdzpENTct8CtxS1eStVnW31TDYKK7rsMSyrkANU2XzId8rgYICTpO:BbPpSNTg8CjN4VQ1XJ8g2rV3kd6St

Score

8^/10

discovery

Malware Config

Signatures

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\adslkfj.sys	INSTALL.EXE

Executes dropped EXE 1 IoCs

pid	Process
2920	INSTALL.EXE

Loads dropped DLL 5 IoCs

pid	Process
2252	mfx.exe
2920	INSTALL.EXE
2920	INSTALL.EXE
2920	INSTALL.EXE
2920	INSTALL.EXE

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\fldrvw61.ocx	INSTALL.EXE
File opened for modification	C:\Windows\SysWOW64\fldrvw61.ocx	INSTALL.EXE

Drops file in Program Files directory 29 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Magic Folders\cpy.exe	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\ALI.EXE	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\systray.exe	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\install.exe	mfx.exe
File opened for modification	C:\PROGRA~2\MAGICF~1\(c) 2003 PC-Magic SoftwaRe	INSTALL.EXE
File created	C:\Program Files (x86)\Magic Folders\README.TXT	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\MAGIC.EXE	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\MFX	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\edecrypt.exe	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\fldrvw61.ocx	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\MF.TXX	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\MF.TXX	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\TB.EXE	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\MAGIC.EXE	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\install.exe	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\edecrypt.exe	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\cdlock.dll	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\cdlock.dll	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\MFX	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\fldrvw61.ocx	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\_ci_gentee_	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\mf.chm	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\ALI.EXE	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\README.TXT	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\TB.EXE	mfx.exe
File opened for modification	C:\PROGRA~2\MAGICF~1\readme.txt	INSTALL.EXE
File opened for modification	C:\Program Files (x86)\Magic Folders\mf.chm	mfx.exe
File opened for modification	C:\Program Files (x86)\Magic Folders\cpy.exe	mfx.exe
File created	C:\Program Files (x86)\Magic Folders\systray.exe	mfx.exe

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	INSTALL.EXE

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3A3C012C-3D0F-4E07-BC1D-6EF35FA649A6}\6.1\HELPDIR	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C785EEBC-FB07-4A83-97D8-A3667776E74E}\ProxyStubClsid32	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D367C835-FFCA-4A73-BBD0-551806EBA698}\ProxyStubClsid32	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C785EEBC-FB07-4A83-97D8-A3667776E74E}\TypeLib\ = "{3A3C012C-3D0F-4E07-BC1D-6EF35FA649A6}"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{249BA58F-E69D-49E6-8D93-E6D2290A8B68}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5B5FA657-FC38-42F6-9072-0CC6F53C006E}\ProxyStubClsid32	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FolderView.FolderViewCtrl.61	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}\MiscStatus\ = "0"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}\MiscStatus\1\ = "133521"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3A3C012C-3D0F-4E07-BC1D-6EF35FA649A6}\6.1\0\win32	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C785EEBC-FB07-4A83-97D8-A3667776E74E}\TypeLib\Version = "6.1"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}\InprocServer32\ThreadingModel = "Apartment"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C4D286E0-A46B-49A4-A3F0-73E8BDB7CFDE}\ProxyStubClsid32	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{249BA58F-E69D-49E6-8D93-E6D2290A8B68}	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{249BA58F-E69D-49E6-8D93-E6D2290A8B68}\TypeLib\ = "{3A3C012C-3D0F-4E07-BC1D-6EF35FA649A6}"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC828020-B236-4736-A520-F515C8486777}\ = "ShellViewControls.TreeNode.61"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}\MiscStatus	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}\Version	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D367C835-FFCA-4A73-BBD0-551806EBA698}\TypeLib\Version = "6.1"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5B5FA657-FC38-42F6-9072-0CC6F53C006E}\TypeLib\ = "{3A3C012C-3D0F-4E07-BC1D-6EF35FA649A6}"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E08164D5-BB04-4514-9625-776E14433636}	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3A3C012C-3D0F-4E07-BC1D-6EF35FA649A6}\6.1\ = "Sky Software FolderView ActiveX Control 6.1"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C4D286E0-A46B-49A4-A3F0-73E8BDB7CFDE}	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D367C835-FFCA-4A73-BBD0-551806EBA698}\ = "IFOVDataObject"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D92E6650-A87F-457D-A391-5CB24700CD81}\TypeLib\ = "{3A3C012C-3D0F-4E07-BC1D-6EF35FA649A6}"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{E08164D5-BB04-4514-9625-776E14433636}\InprocServer32\ = "C:\\PROGRA~2\\MAGICF~1\\fldrvw61.ocx"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FolderView.FolderViewCtrl.61\CLSID	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Component Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C4D286E0-A46B-49A4-A3F0-73E8BDB7CFDE}	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{249BA58F-E69D-49E6-8D93-E6D2290A8B68}\ = "ITreeNode"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{249BA58F-E69D-49E6-8D93-E6D2290A8B68}\TypeLib	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5B5FA657-FC38-42F6-9072-0CC6F53C006E}\ = "_DFolderView"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5B5FA657-FC38-42F6-9072-0CC6F53C006E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D92E6650-A87F-457D-A391-5CB24700CD81}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShellViewControls.TreeNode.61	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C785EEBC-FB07-4A83-97D8-A3667776E74E}	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC3141E0-1BB2-4636-8F72-0C88303C89EE}\ = "FolderView General Property Page"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}\Control	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{3A3C012C-3D0F-4E07-BC1D-6EF35FA649A6}\6.1\FLAGS\ = "2"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5B5FA657-FC38-42F6-9072-0CC6F53C006E}\TypeLib\Version = "6.1"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC828020-B236-4736-A520-F515C8486777}\ProgID	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC3141E0-1BB2-4636-8F72-0C88303C89EE}\InprocServer32\ = "C:\\PROGRA~2\\MAGICF~1\\fldrvw61.ocx"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}\InprocServer32	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}\TypeLib\ = "{3A3C012C-3D0F-4E07-BC1D-6EF35FA649A6}"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{249BA58F-E69D-49E6-8D93-E6D2290A8B68}\TypeLib	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{AC3141E0-1BB2-4636-8F72-0C88303C89EE}	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}\ProgID	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC828020-B236-4736-A520-F515C8486777}\InProcServer32\ = "C:\\PROGRA~2\\MAGICF~1\\fldrvw61.ocx"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C785EEBC-FB07-4A83-97D8-A3667776E74E}\TypeLib	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{D367C835-FFCA-4A73-BBD0-551806EBA698}\TypeLib	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D367C835-FFCA-4A73-BBD0-551806EBA698}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{249BA58F-E69D-49E6-8D93-E6D2290A8B68}\ = "ITreeNode"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{249BA58F-E69D-49E6-8D93-E6D2290A8B68}\ProxyStubClsid32	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B5FA657-FC38-42F6-9072-0CC6F53C006E}\TypeLib\Version = "6.1"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{EC828020-B236-4736-A520-F515C8486777}\ProgID\ = "ShellViewControls.TreeNode.61"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8F21E314-DE2A-4A30-9648-5F98E7A95BAE}\Implemented Categories\{7DD95802-9882-11CF-9FA9-00AA006C42C4}	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C785EEBC-FB07-4A83-97D8-A3667776E74E}	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{C785EEBC-FB07-4A83-97D8-A3667776E74E}\ProxyStubClsid32	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{C785EEBC-FB07-4A83-97D8-A3667776E74E}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	INSTALL.EXE
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{249BA58F-E69D-49E6-8D93-E6D2290A8B68}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	INSTALL.EXE
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5B5FA657-FC38-42F6-9072-0CC6F53C006E}	INSTALL.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2920	INSTALL.EXE

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2252 wrote to memory of 2920	2252	mfx.exe	30
PID 2252 wrote to memory of 2920	2252	mfx.exe	30
PID 2252 wrote to memory of 2920	2252	mfx.exe	30
PID 2252 wrote to memory of 2920	2252	mfx.exe	30
PID 2252 wrote to memory of 2920	2252	mfx.exe	30
PID 2252 wrote to memory of 2920	2252	mfx.exe	30
PID 2252 wrote to memory of 2920	2252	mfx.exe	30

C:\Users\Admin\AppData\Local\Temp\mfx.exe
"C:\Users\Admin\AppData\Local\Temp\mfx.exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2252
- C:\PROGRA~2\MAGICF~1\INSTALL.EXE
  C:\PROGRA~2\MAGICF~1\INSTALL.EXE
  2⤵
  - Drops file in Drivers directory
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\(c) 2003 PC-Magic SoftwaRe

Filesize
79B

MD5
d0edbb130b31d9a49bf9fa1aa5d5eee6

SHA1
b7ccc0620945dba60e1745573f611cba7feb7d96

SHA256
4fe0c0c76cfdeff05eb5b931d17bb72911cff07a4d486e8c2ecd036ecde7f543

SHA512
a0000b4a2728d96b708d89fbbeb2f5438266b9579e8533a33c253d333e569dac99b9b1436a658f0ad09d079db4a2cc97771ffe12ab5950757b3f850712cee44d

Download Submit
C:\PROGRA~2\MAGICF~1\(c) 2003 PC-Magic SoftwaRe

Filesize
81B

MD5
00a50cf459a545303040ae1472deee38

SHA1
f3d646515786094faf333e72677ef1dbaa19ff64

SHA256
05f2abba422ab61bd3bcb81c49857437096bec144f9c53d8ca3e5cce1cc0abe5

SHA512
d6bb70d0171e987d645d12cae45aac71dd04ce6cd25f0b3544431a5e507eaa7f14c70c4474921dff8b1a7d79f8eeb6f891c1e78104dca55836b74e6bab94756e

Download Submit
C:\PROGRA~2\MAGICF~1\fldrvw61.ocx

Filesize
408KB

MD5
64d928f1de681ad30f0ce997cb02f672

SHA1
87754fc23acfd61487a27034608311fbc9ffb7b1

SHA256
d7ae86d1aac1d6f444c26192cc7429dab91be9bf7ea4a77569e4e9dc6de4bd60

SHA512
a6e4c13ba780acacc27b3dee1586ee2f091de48cc7d81ea348f68b120b25b3365c96b9b1e29577a76da20f14e9b2acfb5f937bfe296dba434e971e1f0263c453

Download Submit
C:\PROGRA~2\MAGICF~1\readme.txt

Filesize
3KB

MD5
62bcabbf150d2be774ba96178c067677

SHA1
88ce3ca18a3c62145411a227138223b9319c6075

SHA256
2cb68af4e55507b019b63b743906e13abe4b81920f95b844e4b0c7e2fe1f4d6a

SHA512
57913a8c8f3675af2628c1ed0a563fc9bbd009658e7d7f1a9b0bb926e3803ebc068c6002af92918ecbb85b058af1fb4f735c6af9844d176f56f38bcbfb619501

Download Submit
\PROGRA~2\MAGICF~1\install.exe

Filesize
1.1MB

MD5
58ed3b77af6bf61755f5d0cf49761e29

SHA1
8873fbc75a2e3b772f657a51c53a3a8d1fb0703d

SHA256
5330e70468dbe58d025830832aeb16fa2ec107f239ca0b26a78aef887584d372

SHA512
ce912b0220bc289e55eb189f9a62795ab8797855498f973f8a548df8523f79e47c2ff276e5f80b2dd6e538db2cb56639e8d6458f64cd3cb977787995c2fd33e2

Download Submit
memory/2252-28-0x0000000010000000-0x0000000010014000-memory.dmp

Filesize
80KB

Download