Overview

overview

10

Static

static

10

The-MALWAR...MZ.exe

windows7-x64

6

The-MALWAR...MZ.exe

windows10-2004-x64

The-MALWAR...MZ.exe

android-9-x86

The-MALWAR...MZ.exe

android-10-x64

The-MALWAR...MZ.exe

android-11-x64

The-MALWAR...MZ.exe

macos-10.15-amd64

4

The-MALWAR...re.apk

android-9-x86

The-MALWAR...or.exe

windows7-x64

The-MALWAR...or.exe

windows10-2004-x64

The-MALWAR...or.exe

android-9-x86

The-MALWAR...or.exe

android-10-x64

The-MALWAR...or.exe

android-11-x64

The-MALWAR...or.exe

macos-10.15-amd64

1

The-MALWAR...te.apk

android-9-x86

The-MALWAR...te.apk

android-10-x64

The-MALWAR...te.apk

android-11-x64

The-MALWAR...en.apk

android-9-x86

The-MALWAR...en.apk

android-10-x64

The-MALWAR...en.apk

android-11-x64

The-MALWAR...4a.apk

android-9-x86

The-MALWAR...4a.apk

android-10-x64

The-MALWAR...4a.apk

android-11-x64

The-MALWAR...at.exe

windows7-x64

1

The-MALWAR...at.exe

windows10-2004-x64

3

The-MALWAR...at.exe

android-9-x86

The-MALWAR...at.exe

android-10-x64

The-MALWAR...at.exe

android-11-x64

The-MALWAR...at.exe

macos-10.15-amd64

1

Analysis

  • max time kernel
    25s
  • max time network
    32s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    14-12-2024 20:44

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    The-MALWARE-Repo-master/Trojan/MrsMajors/BossDaMajor/BossDaMajor.exe

  • Size

    1.9MB

  • MD5

    38ff71c1dee2a9add67f1edb1a30ff8c

  • SHA1

    10f0defd98d4e5096fbeb321b28d6559e44d66db

  • SHA256

    730a41a7656f606a22e9f0d68782612d6e00ab8cfe1260160b9e0b00bc2e442a

  • SHA512

    8347782951f2647fe433482cb13186653afa32ee9f5be83a138c4ed47ff34d8de66a26e74b5a28ea21c1529b2078401922a9a26803772677b70489967c10f3e9

  • SSDEEP

    49152:veG3J7FtM9SbJakTiTBMGSARaspyyx979PSxgKFdGlYU:2GZxSoJrTiTBMGtRa8t7EFddU

Score
10/10
defense_evasiondiscoveryevasionpersistenceprivilege_escalationtrojan

Malware Config

Signatures

  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • UAC bypass 3 TTPs 1 IoCs
    evasiontrojan
  • Disables RegEdit via registry modification 1 IoCs
    evasion
  • Disables Task Manager via registry modification
    evasion
  • Checks computer location settings 2 TTPs 3 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Modifies system executable filetype association 2 TTPs 2 IoCs
    persistence
  • Drops desktop.ini file(s) 7 IoCs
  • Enumerates connected drives 3 TTPs 46 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 16 IoCs
  • Drops file in Windows directory 2 IoCs
  • Access Token Manipulation: Create Process with Token 1 TTPs 1 IoCs
    defense_evasionprivilege_escalation
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Modifies Control Panel 4 IoCs
    evasion
  • Modifies data under HKEY_USERS 15 IoCs
  • Modifies registry class 12 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 16 IoCs
  • System policy modification 1 TTPs 2 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe
    "C:\Users\Admin\AppData\Local\Temp\The-MALWARE-Repo-master\Trojan\MrsMajors\BossDaMajor\BossDaMajor.exe"
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:112
    • C:\Windows\system32\wscript.exe
      "C:\Windows\sysnative\wscript.exe" C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\C2B5.vbs
      2⤵
      • Checks computer location settings
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:1456
      • C:\Windows\System32\notepad.exe
        "C:\Windows\System32\notepad.exe"
        3⤵
          PID:2792
        • C:\Windows\System32\wscript.exe
          "C:\Windows\System32\wscript.exe" "C:\Program files\mrsmajor\mrsmajorlauncher.vbs" RunAsAdministrator
          3⤵
          • Modifies WinLogon for persistence
          • UAC bypass
          • Disables RegEdit via registry modification
          • Checks computer location settings
          • Modifies system executable filetype association
          • Drops file in Program Files directory
          • Access Token Manipulation: Create Process with Token
          • Modifies Control Panel
          • Modifies registry class
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:1760
          • C:\Program Files (x86)\Windows Media Player\wmplayer.exe
            "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" "C:\Program Files\mrsmajor\def_resource\f11.mp4"
            4⤵
            • Drops desktop.ini file(s)
            • Enumerates connected drives
            • System Location Discovery: System Language Discovery
            • Modifies registry class
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of WriteProcessMemory
            PID:4128
            • C:\Windows\SysWOW64\unregmp2.exe
              "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
              5⤵
              • System Location Discovery: System Language Discovery
              • Suspicious use of WriteProcessMemory
              PID:3984
              • C:\Windows\system32\unregmp2.exe
                "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
                6⤵
                • Enumerates connected drives
                • Suspicious use of AdjustPrivilegeToken
                PID:3764
          • C:\Windows\System32\shutdown.exe
            "C:\Windows\System32\shutdown.exe" -r -t 03
            4⤵
            • Suspicious use of AdjustPrivilegeToken
            PID:2060
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
      1⤵
      • Drops file in Windows directory
      PID:4012
    • C:\Windows\system32\AUDIODG.EXE
      C:\Windows\system32\AUDIODG.EXE 0x2d0 0x51c
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      PID:4408
    • C:\Windows\system32\LogonUI.exe
      "LogonUI.exe" /flags:0x4 /state0:0xa38d3055 /state1:0x41c64e6d
      1⤵
      • Modifies data under HKEY_USERS
      • Suspicious use of SetWindowsHookEx
      PID:5100

    Network

    MITRE ATT&CK Enterprise v15

    Reconnaissance

    Resource Development

    Initial Access

    Execution

    Persistence

    Boot or Logon Autostart Execution

    1
    T1547

    Winlogon Helper DLL

    1
    T1547.004

    Event Triggered Execution

    1
    T1546

    Change Default File Association

    1
    T1546.001

    Privilege Escalation

    Abuse Elevation Control Mechanism

    1
    T1548

    Bypass User Account Control

    1
    T1548.002

    Access Token Manipulation

    1
    T1134

    Create Process with Token

    1
    T1134.002

    Boot or Logon Autostart Execution

    1
    T1547

    Winlogon Helper DLL

    1
    T1547.004

    Event Triggered Execution

    1
    T1546

    Change Default File Association

    1
    T1546.001

    Defense Evasion

    Abuse Elevation Control Mechanism

    1
    T1548

    Bypass User Account Control

    1
    T1548.002

    Access Token Manipulation

    1
    T1134

    Create Process with Token

    1
    T1134.002

    Impair Defenses

    1
    T1562

    Disable or Modify Tools

    1
    T1562.001

    Modify Registry

    4
    T1112

    Credential Access

    Discovery

    Peripheral Device Discovery

    1
    T1120

    Query Registry

    2
    T1012

    System Information Discovery

    3
    T1082

    System Location Discovery

    1
    T1614

    System Language Discovery

    1
    T1614.001

    Lateral Movement

    Collection

    Command and Control

    Exfiltration

    Impact

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      640KB

      MD5

      42d2a73c6ed9ee1d31d3e65b7e090cd7

      SHA1

      7cde2be7e46a595fc90beb911659604cac5e7857

      SHA256

      8135d3ccd09d1aecbb7f341186753195a4e74ccfda403e29b455eb8d18ccfc2e

      SHA512

      843ecadde6c5b46fba9def8ea567b691b01f851d65fe9625d7f5dbce7e18e38038086c87387d8b0909a5aa3cc4ebddd71133eb63c2988e03a455e427c3cfcb2c

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
      Filesize

      1024KB

      MD5

      3223754da69a4e31b54421f0280d58a2

      SHA1

      42c06589fecc20c02fed77543777dc501c0d1f94

      SHA256

      b76b07ab453e519629d826bbe2cb81d7d9df7cd3ff260a77da517b902d46f58c

      SHA512

      72183c35fda60e308bfd3ff24bee5be1d2fd12410120cdf0ae127fe234a48311c1d4211bf5f013fd585bf8da62a8fc5e998fa6627faf60f43e36c865d576db07

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb
      Filesize

      68KB

      MD5

      193d4b7bb696c3d21d1c3d22e3761877

      SHA1

      82d98c123d7e1133d69d8c1f84f5a154f12f98fe

      SHA256

      fa16aa9da7abe70fe01abf740f14c97c12f40765c9fba5e542e130ac242c8c53

      SHA512

      108fb29f05db9491bf0a26e3999264d427b34c04941a3abfa55face3ef5121744fd34038efdac96156eb34e0313918836b1b2e3c15a964b648b7fb2337af47e2

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD
      Filesize

      498B

      MD5

      90be2701c8112bebc6bd58a7de19846e

      SHA1

      a95be407036982392e2e684fb9ff6602ecad6f1e

      SHA256

      644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

      SHA512

      d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
      Filesize

      9KB

      MD5

      5433eab10c6b5c6d55b7cbd302426a39

      SHA1

      c5b1604b3350dab290d081eecd5389a895c58de5

      SHA256

      23dbf7014e99e93af5f2760f18ee1370274f06a453145c8d539b66d798dad131

      SHA512

      207b40d6bec65ab147f963a5f42263ae5bf39857987b439a4fa1647bf9b40e99cdc43ff68b7e2463aa9a948284126ac3c9c7af8350c91134b36d8b1a9c61fd34

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\C2B5.vbs
      Filesize

      1007B

      MD5

      5706bc5d518069a3b2be5e6fac51b12f

      SHA1

      d7361f3623ecf05e63bb97cc9da8d5c50401575c

      SHA256

      8a74eead47657582c84209eb4cdba545404d9c67dd288c605515a86e06de0aad

      SHA512

      fb68727db0365ab10c5b0d5e5e1d44b95aa38806e33b0af3280abcefae83f30eb8252653e158ac941320f3b38507649cce41898c8511223ee8642339cfece047

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\CPUUsage.vbs
      Filesize

      92B

      MD5

      0e4c01bf30b13c953f8f76db4a7e857d

      SHA1

      b8ddbc05adcf890b55d82a9f00922376c1a22696

      SHA256

      28e69e90466034ce392e84db2bde3ad43ad556d12609e3860f92016641b2a738

      SHA512

      5e66e2793e7bc88066b8df3dccb554351287dea18207e280b69d7798ecd5cdc99bd4c126c3e394db9f45f54bb561e6688f928de4f638c5eca4f101dc2cea54a1

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\DreS_X.bat
      Filesize

      360B

      MD5

      ba81d7fa0662e8ee3780c5becc355a14

      SHA1

      0bd3d86116f431a43d02894337af084caf2b4de1

      SHA256

      2590879a8cd745dbbe7ad66a548f31375ccfb0f8090d56b5e4bd5909573ac816

      SHA512

      0b768995187f988dc15d055f9689cee3ab3908d10b05a625b40d9757c101e067bbd6067ccbcf1951ebb683f5259eec562802ea6161d59475ce86cf6bc7c957f2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\Icon_resource\SkullIco.ico
      Filesize

      244KB

      MD5

      c7bf05d7cb3535f7485606cf5b5987fe

      SHA1

      9d480d6f1e3f17d5018c1d2f4ae257ae983f0bb5

      SHA256

      4c1cfbe274f993941ac5fa512c376b6d7344800fb8be08cc6344e6c16a418311

      SHA512

      d30952a75d94dd64b7bd253ed72810690f3550f2262cfaaef45854fc8334f6201a8cbafb9b175c6435f7ce0499567f2fa8667b4b0046bfb651bf61eb4278e6c8

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\Launcher.vbs
      Filesize

      590B

      MD5

      b5a1c9ae4c2ae863ac3f6a019f556a22

      SHA1

      9ae506e04b4b7394796d5c5640b8ba9eba71a4a6

      SHA256

      6f0bb8cc239af15c9215867d6225c8ff344052aaa0deeb3452dbf463b8c46529

      SHA512

      a644c48562e38190720fb55a6c6e7d5ccfab60f362236fe7d63caebdc01758f17196d123fb37bd11f7e247ce8ab21812165b27496d3bd6ca5e2c5efefab8fb03

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\MrsMjrGui.exe
      Filesize

      71KB

      MD5

      450f49426b4519ecaac8cd04814c03a4

      SHA1

      063ee81f46d56544a5c217ffab69ee949eaa6f45

      SHA256

      087fca40e079746b9c1dfaf777d3994c0321ea8f69d08238cdfc02fb109add1d

      SHA512

      0cae15d863120f4edc6b6dabfe2f0f3d2e028057025d7d5ffe615cde8144f29bdaf099850e91e101e95d13f8a83cb1410a06172dda25a5f92967abcbc8453cbc

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\MrsMjrGuiLauncher.bat
      Filesize

      98B

      MD5

      c7146f88f4184c6ee5dcf7a62846aa23

      SHA1

      215adb85d81cc4130154e73a2ab76c6e0f6f2ff3

      SHA256

      47e6c9f62ffc41fbc555f8644ad099a96573c8c023797127f78b1a952ca1b963

      SHA512

      3b30fa1334b88af3e3382813d316104e3698173bb159c20ff3468cf3494ecfbbc32a9ae78b4919ecd47c05d506435af4a7ccee0576c0d0018a81fbd1b2dfcf10

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\WinLogon.bat
      Filesize

      117B

      MD5

      870bce376c1b71365390a9e9aefb9a33

      SHA1

      176fdbdb8e5795fb5fddc81b2b4e1d9677779786

      SHA256

      2798dad008f62aace1841edfb43146147a9cade388c419c96da788fcaa2f76bc

      SHA512

      f17c9898f81387daf42c9b858f507889919474ac2a17f96fc6d4606be94327e0b941b23a3ccc3f4af92b8abc0522e94745616da0564cdef1c3f20ee17ee31f53

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\@Tile@@.jpg
      Filesize

      7KB

      MD5

      3e21bcf0d1e7f39d8b8ec2c940489ca2

      SHA1

      fa6879a984d70241557bb0abb849f175ace2fd78

      SHA256

      064f135fcc026a574552f42901b51052345f4b0f122edd7acd5f2dcc023160a5

      SHA512

      5577e20f76d6b1cccc513392532a09bdc6dcd3a8a177b8035dc5d7eb082e0093436068f92059e301c5987e6122c4d9aff3e5ae9cc94ccc1ecc9951e2785b0922

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\Skullcur.cur
      Filesize

      3KB

      MD5

      cea57c3a54a04118f1db9db8b38ea17a

      SHA1

      112d0f8913ff205776b975f54639c5c34ce43987

      SHA256

      d2b6db8b28112da51e34972dec513278a56783d24b8b5408f11997e9e67d422b

      SHA512

      561860907fa2f53c7853094299758232a70c0cd22c6df3534abd094c6970f28792c6c334a33b129d661a46930d90fd8c98f11cb34f3e277cf20a355b792f64f0

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\creepysound.mp3
      Filesize

      1.2MB

      MD5

      4a9b1d8a8fe8a75c81ddba3e411ddc5d

      SHA1

      e40cb1ee4490f6d7520902e12222446a8efbf9a8

      SHA256

      79e9a3611494b5ffafaa79788ba7e11dd218e3800c40b56684ccc0c33ab64eac

      SHA512

      e7a28acb04ca33d57efe0474bb67d6d4b8ceff9198198b81574c76c835d5df05d113fc468f4a4434580b1b58189f38184c376976604dc05d1424af1721995601

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\def_resource\f11.mp4
      Filesize

      227KB

      MD5

      17042b9e5fc04a571311cd484f17b9eb

      SHA1

      585d91c69c3f9e3d2e8cb8cf984871d89cc4adbb

      SHA256

      a9b0f1f849e0b41924f5e80b0c4948e63fc4b4f335bbdf0f997b03a3aff55424

      SHA512

      709076c6cef8dd61701c93e1fe331d2b1a218498b833db10ee4d2be0816e3444aeebfa092ab1bd10322617cf3385414e8fdb76fd90f25b44ac24d38937b4d47f

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\default.txt
      Filesize

      266B

      MD5

      30cfd8bb946a7e889090fb148ea6f501

      SHA1

      c49dbc93f0f17ff65faf3b313562c655ef3f9753

      SHA256

      e1ebbd3abfcaddf7d6960708f3ccd8eda64c944723f0905ff76551c692b94210

      SHA512

      8e7d98e6d0c05d199114d2d6ab8da886aed68de690c4d79643868eaf051c229fff94c88d937adb3da5e31fe48116613cf79dd00dda30f296746ce0a8aded9fe2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\mrsmajorlauncher.vbs
      Filesize

      3KB

      MD5

      e3fdf285b14fb588f674ebfc2134200c

      SHA1

      30fba2298b6e1fade4b5f9c8c80f7f1ea07de811

      SHA256

      4d3aa3ecd16a6ba46a9d6c0bdacdcd9dce70d93585941a94e544696e3e6f7d92

      SHA512

      9b0bfbb07c77d9e9979a6c0f88b0a93010133f7dd3cf01e1de5dfbe812a5ed920e916d16d6a32fe21b9ee4b5425e61a616ded1aeeb35a410d4f77c0f9392ed0a

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\C2B4.tmp\mrsmajor\reStart.vbs
      Filesize

      638B

      MD5

      0851e8d791f618daa5b72d40e0c8e32b

      SHA1

      80bea0443dc4cc508e846fefdb9de6c44ad8ff91

      SHA256

      2cbd8bc239c5cfc3ef02f8472d867dff61e5aed9fde8a3823cda28cc37d77722

      SHA512

      57a9d1d75dbbab842060b29f01958f7e6b27d0175ff9a3f7b97e423c1b4e3fae94547a569c2e5c88224fc5dcc785f5a1d49c61199a8c7b3afeb4fc520600df40

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\wmsetup.log
      Filesize

      1KB

      MD5

      832b024f796f2ac7689cdb8c61e90697

      SHA1

      ab66378a7c4a5b134318cb17bb308faf76fe01fa

      SHA256

      3cbdbd0ca9a89f007c5fecaf90e9b9c05aa55dc6538e958af39e9181f458b156

      SHA512

      1d594aac0d041d710d1869ba145fc22af581fe91b03d768ea9b1cc6a26c683bb21a6f65ea828c5dda6903a60d66b1485b7a99fb580d866ae3110e87b8a5fe6a2

      Download Submit

    • C:\Users\Admin\Desktop\MRS MAJOR WANTS TO MEET YOU 1.txt
      Filesize

      27B

      MD5

      e20f623b1d5a781f86b51347260d68a5

      SHA1

      7e06a43ba81d27b017eb1d5dcc62124a9579f96e

      SHA256

      afeebe824fc4a955a673d3d8569a0b49dfbc43c6cc1d4e3d66d9855c28a7a179

      SHA512

      2e74cccdd158ce1ffde84573d43e44ec6e488d00282a661700906ba1966ad90968a16c405a9640b9d33db03b33753733c9b7078844b0f6ac3af3de0c3c044c0b

      Download Submit

    • memory/4128-144-0x0000000004CF0000-0x0000000004D00000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4128-143-0x0000000004CF0000-0x0000000004D00000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4128-146-0x0000000007550000-0x0000000007560000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4128-147-0x0000000004CF0000-0x0000000004D00000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4128-148-0x0000000004CF0000-0x0000000004D00000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4128-145-0x0000000004CF0000-0x0000000004D00000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4128-142-0x0000000004CF0000-0x0000000004D00000-memory.dmp

      Filesize

      64KB

      Download