97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40f

Analysis

max time kernel
117s
max time network
95s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
19/09/2024, 03:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
Size

587KB
MD5

6918da84b7436d20c2aba2ab5cbcf770
SHA1

c4d1a5c9f262fe698a9eaa1cf255bd1839d759fe
SHA256

97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40f
SHA512

ace2128e31868a56c3d6d0c9baa6ba8846129bb5d98733e2341f75dffaa2e58018f27dd18d3bdb8d63d7d568a62e023c7064d5c7875bb07aa7e843e35fbb87d9
SSDEEP

12288:6Sq7BGgknkKQ/+AgEwDO4EwF2eNQ7m1C1+TKc:6SWBhknJQ/+kMNh1w+T/

Score

7^/10

discovery persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	acrotray.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	acrotray .exe

Executes dropped EXE 4 IoCs

pid	Process
956	acrotray.exe
3212	acrotray.exe
464	acrotray .exe
4896	acrotray .exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Adobe_Reader = "C:\\Program Files (x86)\\Adobe\\acrotray.exe"	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Adobe\acrotray .exe	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
File created	C:\Program Files (x86)\Adobe\acrotray.exe	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acrotray .exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	IEXPLORE.EXE
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	acrotray.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ielowutil.exe

Modifies Internet Explorer settings 1 TTPs 28 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31132224"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = d03be7f8400adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "4143409774"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31132224"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001bc9387f4f791b45af7c7e57591307f10000000002000000000010660000000100002000000089e76af3f01e240fc04b9d7aff7979e0b077b03b9f29db6a56e0a1aca12ca34f000000000e8000000002000020000000d999c891d4b7bc5b44b45c9371e424ef03ae0ba2b7860c5fdf6845b559831315200000002d719dfb03f06db6622613100df63c52325208b037e396a34556c379a78fbf5e4000000038a67df940e26149478ca242187aa410eb906d60f702ac8a60fabb7c79b641bca65fecea1da72ec40bd3f4d829ac37b4b8fcfc5ad3c4f7e3502facb2532d1b35	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c067eef8400adb01	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000001bc9387f4f791b45af7c7e57591307f1000000000200000000001066000000010000200000004947076554d2e500fb912ec40be2596eb6d5cc0ac4b2f1e6c5a9675275aee765000000000e8000000002000020000000cbe9fa716877ff29a0c76f28bfdd3c90877891c819b46f878d604c5e7725ab392000000031db37d8bae15b08282500d4fcc294d9bd28abc6d7bb2892d55599e19ac29d0b40000000b171a0ad749b07454785a9e537905cc0acbd7cbc7e4be5436b8efd8b7891116d1eae1b8fab84d0206d566b4df25591d2d599cf72a119c9b57958519b215a72b6	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{2297688A-7634-11EF-BB4F-C63D5579F9B2} = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Software\Microsoft\Internet Explorer\GPU	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "4143409774"	iexplore.exe

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
956	acrotray.exe
956	acrotray.exe
956	acrotray.exe
956	acrotray.exe
956	acrotray.exe
956	acrotray.exe
3212	acrotray.exe
3212	acrotray.exe
3212	acrotray.exe
3212	acrotray.exe
464	acrotray .exe
464	acrotray .exe
464	acrotray .exe
464	acrotray .exe
464	acrotray .exe
464	acrotray .exe
4896	acrotray .exe
4896	acrotray .exe
4896	acrotray .exe
4896	acrotray .exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
3212	acrotray.exe
3212	acrotray.exe
4896	acrotray .exe
4896	acrotray .exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
3212	acrotray.exe
3212	acrotray.exe
4896	acrotray .exe
4896	acrotray .exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
3212	acrotray.exe
3212	acrotray.exe
4896	acrotray .exe
4896	acrotray .exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
3212	acrotray.exe
3212	acrotray.exe
4896	acrotray .exe
4896	acrotray .exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
3212	acrotray.exe
3212	acrotray.exe
4896	acrotray .exe
4896	acrotray .exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
Token: SeDebugPrivilege	4760	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
Token: SeDebugPrivilege	956	acrotray.exe
Token: SeDebugPrivilege	3212	acrotray.exe
Token: SeDebugPrivilege	464	acrotray .exe
Token: SeDebugPrivilege	4896	acrotray .exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4768	iexplore.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
4768	iexplore.exe
4768	iexplore.exe
2116	IEXPLORE.EXE
2116	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 3664 wrote to memory of 4760	3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe	82
PID 3664 wrote to memory of 4760	3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe	82
PID 3664 wrote to memory of 4760	3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe	82
PID 3664 wrote to memory of 956	3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe	90
PID 3664 wrote to memory of 956	3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe	90
PID 3664 wrote to memory of 956	3664	97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe	90
PID 956 wrote to memory of 3212	956	acrotray.exe	93
PID 956 wrote to memory of 3212	956	acrotray.exe	93
PID 956 wrote to memory of 3212	956	acrotray.exe	93
PID 956 wrote to memory of 464	956	acrotray.exe	94
PID 956 wrote to memory of 464	956	acrotray.exe	94
PID 956 wrote to memory of 464	956	acrotray.exe	94
PID 4768 wrote to memory of 2116	4768	iexplore.exe	95
PID 4768 wrote to memory of 2116	4768	iexplore.exe	95
PID 4768 wrote to memory of 2116	4768	iexplore.exe	95
PID 464 wrote to memory of 4896	464	acrotray .exe	96
PID 464 wrote to memory of 4896	464	acrotray .exe	96
PID 464 wrote to memory of 4896	464	acrotray .exe	96

C:\Users\Admin\AppData\Local\Temp\97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe
"C:\Users\Admin\AppData\Local\Temp\97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe"
1⤵
- Checks computer location settings
- Adds Run key to start application
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3664
- C:\Users\Admin\AppData\Local\Temp\97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe
  "C:\Users\Admin\AppData\Local\Temp\97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fn.exe" C:\Users\Admin\AppData\Local\Temp\97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4760
- C:\Program Files (x86)\Adobe\acrotray.exe
  "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:956
- - C:\Program Files (x86)\Adobe\acrotray.exe
    "C:\Program Files (x86)\Adobe\acrotray.exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:3212
- - C:\Program Files (x86)\Adobe\acrotray .exe
    "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:464
  - - C:\Program Files (x86)\Adobe\acrotray .exe
      "C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray .exe" C:\Program Files (x86)\Adobe\acrotray.exe" C:\Users\Admin\AppData\Local\Temp\97c06d08ece31e0e76c23b7c511c90229f1285037714d6a44fe1dc8b106ef40fN.exe"
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:4896

C:\Program Files (x86)\Internet Explorer\ielowutil.exe
"C:\Program Files (x86)\Internet Explorer\ielowutil.exe" -CLSID:{0002DF01-0000-0000-C000-000000000046} -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:3160

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4768
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4768 CREDAT:17410 /prefetch:2
  2⤵
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:2116

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Adobe\acrotray .exe

Filesize
599KB

MD5
620e5127100c205e00daec05538d116b

SHA1
40ca965c343b8c5d08f3a0faeae3e8370d4f292b

SHA256
016a2f00a20f6577506d12c0824103b37dd9ca3ac8062797ec372aa0c5fb718d

SHA512
e01ff5f630572c32618b5576ba5c4100ee5e5d9997c949697f5760f3fe36c8206418724b61a2025dfb03a13a1632c1b7180fc61c752680ff110a7b6e2e55ae51

Download Submit
C:\Program Files (x86)\Adobe\acrotray.exe

Filesize
601KB

MD5
631fed80c3cbc76fa5717bcf7b6bdf70

SHA1
382805f318f972f39ab70c9c95eaad0256a40882

SHA256
521fa41478b0c4a3cea65679bbbd6fa0e06b742a016d54b3365ee7600c2d4c6c

SHA512
6071f81e31377307ac8a38606879cd605774b90e70491712e261b1e484acea6bd03d386b6d0669337462943b0f88dbe3486d57417ddb5be06ffbe0795231b2c3

Download Submit
memory/3664-1-0x0000000010000000-0x0000000010010000-memory.dmp

Filesize
64KB

Download