dcrat | 8f1ccf4c080f4797ec19628b3fb20250a9b97c2fd3e655fd1221b0560fec8dfc

Analysis

max time kernel
148s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17/01/2025, 07:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7EF00ACFC8DF431C545E07F3D4862E2A.exe
Size

3.4MB
MD5

7ef00acfc8df431c545e07f3d4862e2a
SHA1

c9623ec807abb692cae9b4f41bc964ada568f4a5
SHA256

8f1ccf4c080f4797ec19628b3fb20250a9b97c2fd3e655fd1221b0560fec8dfc
SHA512

878964774c9436646a410e10a37b95ea6ae23aaa42d172bb85c78b3082d7424b7c266ebce1a12466665aea54546d0956d3b2d0d7261143fb71f86a3f8c756ba8
SSDEEP

98304:Gp5lanw2dJ20UXYpNUihy2F8ij2cFlwVF3XlMX:GpGnw2dA0UUUiYiR+FFk

Score

10^/10

dcrat discovery infostealer rat

Malware Config

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat
Dcrat family
dcrat

DCRat payload 2 IoCs

rat

resource	yara_rule
behavioral2/files/0x0007000000023cc3-66.dat	family_dcrat_v2
behavioral2/memory/1236-67-0x0000000000060000-0x0000000000282000-memory.dmp	family_dcrat_v2

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Installer.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	7EF00ACFC8DF431C545E07F3D4862E2A.exe

Executes dropped EXE 10 IoCs

pid	Process
1888	7z.exe
4324	7z.exe
2280	7z.exe
2840	7z.exe
1564	7z.exe
1248	7z.exe
2992	7z.exe
5080	7z.exe
1236	Installer.exe
3636	dllhost.exe

Loads dropped DLL 8 IoCs

pid	Process
1888	7z.exe
4324	7z.exe
2280	7z.exe
2840	7z.exe
1564	7z.exe
1248	7z.exe
2992	7z.exe
5080	7z.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Multimedia Platform\0a1fd5f707cd16	Installer.exe
File created	C:\Program Files\7-Zip\dllhost.exe	Installer.exe
File opened for modification	C:\Program Files (x86)\Windows Photo Viewer\es-ES\TextInputHost.exe	Installer.exe
File created	C:\Program Files\ModifiableWindowsApps\smss.exe	Installer.exe
File created	C:\Program Files (x86)\Windows Defender\uk-UA\services.exe	Installer.exe
File created	C:\Program Files (x86)\Windows Multimedia Platform\sppsvc.exe	Installer.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\es-ES\TextInputHost.exe	Installer.exe
File created	C:\Program Files (x86)\Windows Photo Viewer\es-ES\22eafd247d37c3	Installer.exe
File created	C:\Program Files (x86)\Windows Defender\uk-UA\c5b4cb5e9653cc	Installer.exe
File created	C:\Program Files\7-Zip\5940a34987c991	Installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7EF00ACFC8DF431C545E07F3D4862E2A.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	Installer.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
1236	Installer.exe
1236	Installer.exe
1236	Installer.exe
1236	Installer.exe
1236	Installer.exe
1236	Installer.exe
1236	Installer.exe
1236	Installer.exe
1236	Installer.exe
1236	Installer.exe
1236	Installer.exe
3636	dllhost.exe
3636	dllhost.exe
3636	dllhost.exe
3636	dllhost.exe
3636	dllhost.exe
3636	dllhost.exe
3636	dllhost.exe
3636	dllhost.exe

Suspicious use of AdjustPrivilegeToken 34 IoCs

description	pid	Process
Token: SeRestorePrivilege	1888	7z.exe
Token: 35	1888	7z.exe
Token: SeSecurityPrivilege	1888	7z.exe
Token: SeSecurityPrivilege	1888	7z.exe
Token: SeRestorePrivilege	4324	7z.exe
Token: 35	4324	7z.exe
Token: SeSecurityPrivilege	4324	7z.exe
Token: SeSecurityPrivilege	4324	7z.exe
Token: SeRestorePrivilege	2280	7z.exe
Token: 35	2280	7z.exe
Token: SeSecurityPrivilege	2280	7z.exe
Token: SeSecurityPrivilege	2280	7z.exe
Token: SeRestorePrivilege	2840	7z.exe
Token: 35	2840	7z.exe
Token: SeSecurityPrivilege	2840	7z.exe
Token: SeSecurityPrivilege	2840	7z.exe
Token: SeRestorePrivilege	1564	7z.exe
Token: 35	1564	7z.exe
Token: SeSecurityPrivilege	1564	7z.exe
Token: SeSecurityPrivilege	1564	7z.exe
Token: SeRestorePrivilege	1248	7z.exe
Token: 35	1248	7z.exe
Token: SeSecurityPrivilege	1248	7z.exe
Token: SeSecurityPrivilege	1248	7z.exe
Token: SeRestorePrivilege	2992	7z.exe
Token: 35	2992	7z.exe
Token: SeSecurityPrivilege	2992	7z.exe
Token: SeSecurityPrivilege	2992	7z.exe
Token: SeRestorePrivilege	5080	7z.exe
Token: 35	5080	7z.exe
Token: SeSecurityPrivilege	5080	7z.exe
Token: SeSecurityPrivilege	5080	7z.exe
Token: SeDebugPrivilege	1236	Installer.exe
Token: SeDebugPrivilege	3636	dllhost.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 4752 wrote to memory of 3432	4752	7EF00ACFC8DF431C545E07F3D4862E2A.exe	83
PID 4752 wrote to memory of 3432	4752	7EF00ACFC8DF431C545E07F3D4862E2A.exe	83
PID 3432 wrote to memory of 2080	3432	cmd.exe	85
PID 3432 wrote to memory of 2080	3432	cmd.exe	85
PID 3432 wrote to memory of 1888	3432	cmd.exe	86
PID 3432 wrote to memory of 1888	3432	cmd.exe	86
PID 3432 wrote to memory of 4324	3432	cmd.exe	87
PID 3432 wrote to memory of 4324	3432	cmd.exe	87
PID 3432 wrote to memory of 2280	3432	cmd.exe	88
PID 3432 wrote to memory of 2280	3432	cmd.exe	88
PID 3432 wrote to memory of 2840	3432	cmd.exe	89
PID 3432 wrote to memory of 2840	3432	cmd.exe	89
PID 3432 wrote to memory of 1564	3432	cmd.exe	90
PID 3432 wrote to memory of 1564	3432	cmd.exe	90
PID 3432 wrote to memory of 1248	3432	cmd.exe	91
PID 3432 wrote to memory of 1248	3432	cmd.exe	91
PID 3432 wrote to memory of 2992	3432	cmd.exe	92
PID 3432 wrote to memory of 2992	3432	cmd.exe	92
PID 3432 wrote to memory of 5080	3432	cmd.exe	93
PID 3432 wrote to memory of 5080	3432	cmd.exe	93
PID 3432 wrote to memory of 4768	3432	cmd.exe	94
PID 3432 wrote to memory of 4768	3432	cmd.exe	94
PID 3432 wrote to memory of 1236	3432	cmd.exe	95
PID 3432 wrote to memory of 1236	3432	cmd.exe	95
PID 1236 wrote to memory of 4848	1236	Installer.exe	96
PID 1236 wrote to memory of 4848	1236	Installer.exe	96
PID 4848 wrote to memory of 5096	4848	cmd.exe	98
PID 4848 wrote to memory of 5096	4848	cmd.exe	98
PID 4848 wrote to memory of 1832	4848	cmd.exe	99
PID 4848 wrote to memory of 1832	4848	cmd.exe	99
PID 4848 wrote to memory of 3636	4848	cmd.exe	107
PID 4848 wrote to memory of 3636	4848	cmd.exe	107

Views/modifies file attributes 1 TTPs 1 IoCs

evasion

Hidden Files and Directories

T1564.001

pid	Process
4768	attrib.exe

C:\Users\Admin\AppData\Local\Temp\7EF00ACFC8DF431C545E07F3D4862E2A.exe
"C:\Users\Admin\AppData\Local\Temp\7EF00ACFC8DF431C545E07F3D4862E2A.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4752
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\main\main.bat" /S"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3432
- - C:\Windows\system32\mode.com
    mode 65,10
    3⤵
    PID:2080
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e file.zip -p4658306642333125776751625289 -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1888
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_7.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:4324
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_6.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2280
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_5.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2840
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_4.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1564
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_3.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:1248
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_2.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:2992
- - C:\Users\Admin\AppData\Local\Temp\main\7z.exe
    7z.exe e extracted/file_1.zip -oextracted
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of AdjustPrivilegeToken
    PID:5080
- - C:\Windows\system32\attrib.exe
    attrib +H "Installer.exe"
    3⤵
    - Views/modifies file attributes
    PID:4768
- - C:\Users\Admin\AppData\Local\Temp\main\Installer.exe
    "Installer.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Drops file in Program Files directory
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:1236
  - - C:\Windows\System32\cmd.exe
      "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\T2vtV8UR4m.bat"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:4848
    - - C:\Windows\system32\chcp.com
        
        chcp 65001
        5⤵
        
        PID:5096
    - - C:\Windows\system32\w32tm.exe
        
        w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
        5⤵
        
        PID:1832
    - - C:\Program Files\7-Zip\dllhost.exe
        
        "C:\Program Files\7-Zip\dllhost.exe"
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3636

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\T2vtV8UR4m.bat

Filesize
210B

MD5
ffb80b587a3d4ae7ada4eed5fbda3460

SHA1
b0d46d2a9463cdbd83de387dca28eb0e50e12a4c

SHA256
ec611f4444aa911bd80ebb280bfb55bfa86d9aec305c440dfc87c30499374913

SHA512
e9979440d2f3b5161486d6c6e0a05b44b1ee7edfa0650c9a3f8952be025b3ab7f57132bc34ef1c87638102ba87724b6efde574093989aa4deaf33849d22c1367

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.dll

Filesize
1.6MB

MD5
72491c7b87a7c2dd350b727444f13bb4

SHA1
1e9338d56db7ded386878eab7bb44b8934ab1bc7

SHA256
34ad9bb80fe8bf28171e671228eb5b64a55caa388c31cb8c0df77c0136735891

SHA512
583d0859d29145dfc48287c5a1b459e5db4e939624bd549ff02c61eae8a0f31fc96a509f3e146200cdd4c93b154123e5adfbfe01f7d172db33968155189b5511

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\7z.exe

Filesize
458KB

MD5
619f7135621b50fd1900ff24aade1524

SHA1
6c7ea8bbd435163ae3945cbef30ef6b9872a4591

SHA256
344f076bb1211cb02eca9e5ed2c0ce59bcf74ccbc749ec611538fa14ecb9aad2

SHA512
2c7293c084d09bc2e3ae2d066dd7b331c810d9e2eeca8b236a8e87fdeb18e877b948747d3491fcaff245816507685250bd35f984c67a43b29b0ae31ecb2bd628

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\Installer.exe

Filesize
2.1MB

MD5
b4036128c7ff4c734044f5e9e7ba53b5

SHA1
40968864998e8488f883138c9fd228e2d2bb33b1

SHA256
00a3e3ff92bd1b3940b91e4f5cda30d2afa2e93c90220b91d56037ea7ec75940

SHA512
c5fde840ffc57786223cf49874033b84caa60e4ae6b92bcd7497ceef62e717917d3e55f8372ec2df0d5fe6262dbbb6e3b63a459e97b6032b1ac7b1dba9092acf

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\ANTIAV~1.DAT

Filesize
2.2MB

MD5
a497aa5dab56231fe698956b60508693

SHA1
3889f5a43a4069bd012e542e019bc7e4c03074df

SHA256
4eb57fc22fa4b6d1ab6e3a6aa5a72d3ddfca049cb5d5077c18c9e57d60f3df6c

SHA512
9a3ea2e5b4fc3049e718a6b98876db4fa3ffeb075385a733415f449eabda2c40b289cb1fa1bd630d269af6a82b88997f37ccbf8e6c17198ed298571027a4cbf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_1.zip

Filesize
943KB

MD5
6fba6fdd825cd10f8a9014b87c8fe4ab

SHA1
330433fcdc4149fb4368286830b41064901a65c3

SHA256
155c1c2d7435cdeba2f618d83a635fb4aa5a71a18ed500e32b589e5906971802

SHA512
1e1fe06e99f13e1995aa042a8467e504bc294436feb7d40519b6a374d534c75b1dc313f6ff83d61ceac821ae3e8af3f6b2e376a9a9f14ed8dcd7b10185cbf97f

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_2.zip

Filesize
943KB

MD5
acbcfacf26e4bbe3a6e6a3ef8aacfd1b

SHA1
3b18efc7446c88cf80a6d122e0236038eff81ecb

SHA256
165c5371ef9924bdfea8b3a1f54f6ae0f8b72d85898ff76f4a8d77d57907a878

SHA512
7de4a4aa602a361a21e6c5a8cbe786ca6fae643a0cf5ca7a1e54be06c145e68bda81c8d0e2961f3673c1a87ddb1bb8e245e8ea0a2c82edd21eacc9f9080a2a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_3.zip

Filesize
943KB

MD5
c8dccfc008a1e7cdbc20758a41ec042c

SHA1
f1ab82c8c4fdfdd86d7e59990a67b83eab0fb3f3

SHA256
a6ccce53e150338685f92bec51168933276fdaecb11f701ef2e8da4257275f82

SHA512
ca0183b650c27aedfc17f1ea4d96d4f03ce3d99ca62f52586ab1d8e18b45a66ba72540fac8fa3dffa05fefe984d1840d785e802bfe52e5f84a458b34c4492d65

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_4.zip

Filesize
944KB

MD5
cf31e10d32847fb6513ab6ca8c92664b

SHA1
cb2342b36a8d7bf479834e1fdc765c3548aa4342

SHA256
3ce2ed9b784c0f53ea48f3719fa06668aed3077ce1a37bcafd36773eddc2feea

SHA512
7aed841f6c23166f4738817630d6aa430e2533ff7cb50146520df8bd075115aafa44fa9fa813bf1e49414534ddbd59d81154f682372cc7cd968d3458527be280

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_5.zip

Filesize
944KB

MD5
40d34a2a420216efe29a46b4fcbaf150

SHA1
1a76914f91ecac48572bff39d52224755a6756c3

SHA256
a69516782c40c05dde2a64c9da3dbcf3c7abffb37408be8bff27bdb66d5baef5

SHA512
474a64711402dfcb5199f4fdc88cae4f296f7c7d843752ab2357a519edefa7a9da5a39379d72f2fc595474d0fbad39a7ccc7ebbdc77e372536225380c3120a4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_6.zip

Filesize
944KB

MD5
c3894a9664a7d4ccc62ffca6f9109906

SHA1
031fa3e3ae6d43cd1e0b6fa8391d5b30ec967bea

SHA256
b711f0a16a61d789d4624f78fd20849b1d1e83f4037d4242a493ab485229a03e

SHA512
91aba6158052176b049ccfe3afb19f770f4a71a558e5fb3012af517a8d290b92663bcd207dd39fb196386da4c532f3c9b6fe285c73f644638ed847c82357f42e

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\extracted\file_7.zip

Filesize
2.5MB

MD5
31d6dd52fc392847b5bdf13199f8c74b

SHA1
b411cffbca67cca0cb1ff8d0edd36b0afc0fe6e3

SHA256
68d36fcb6d5cdc955a9bea92de0019e87b5dce5b26e6534b110c3648ae53b4a1

SHA512
cdb3886b6e1d8bf75ac0e215719542053435d809d76703fe669f6d2e6982fa5588d508bc3885fac9c23bf0917a2e1556fecfd61e6ade5cb3b0b6d45bdc9d133d

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\file.bin

Filesize
2.5MB

MD5
d8d494a5e14177ece568b03e5fa2951b

SHA1
80569f8b248efe1a7f4d8cddc636baa03fa01224

SHA256
4caebcd0acccc1e631adbd0648a1c63e4baedb1c1e068f77513833e5651a530e

SHA512
d31e18053e2e2ed03d397a2232a2a22967b9c1147cea068cdc81132173ec084bc43140df51a558f512d6d063e1a35c29af131da97b988a7f4a5569968269e745

Download Submit
C:\Users\Admin\AppData\Local\Temp\main\main.bat

Filesize
474B

MD5
051802bd0f6ae25a7307ebe5ce07484b

SHA1
56a79893d916411ad24bf56a5efae06053b069e2

SHA256
7b436db4aa8b38625f783e2dc8a750e071585ab4e52a86ab61cabbbbe0869cbe

SHA512
5f0ec679ec4d4c920f4fcb00f993c372aef7e1236ebdef1ceef8e19de7b6bcd6138eb3f98563327d3216cc69ae1bd53b9a15190543890b7d480c25ceb2cee3fe

Download Submit
memory/1236-81-0x000000001AE00000-0x000000001AE0E000-memory.dmp

Filesize
56KB

Download
memory/1236-71-0x000000001AD90000-0x000000001ADE0000-memory.dmp

Filesize
320KB

Download
memory/1236-83-0x000000001B950000-0x000000001B99E000-memory.dmp

Filesize
312KB

Download
memory/1236-79-0x000000001B8F0000-0x000000001B94A000-memory.dmp

Filesize
360KB

Download
memory/1236-78-0x000000001ADE0000-0x000000001ADF0000-memory.dmp

Filesize
64KB

Download
memory/1236-77-0x000000001AD80000-0x000000001AD90000-memory.dmp

Filesize
64KB

Download
memory/1236-75-0x000000001AD60000-0x000000001AD76000-memory.dmp

Filesize
88KB

Download
memory/1236-74-0x000000001AD50000-0x000000001AD62000-memory.dmp

Filesize
72KB

Download
memory/1236-72-0x0000000002340000-0x0000000002358000-memory.dmp

Filesize
96KB

Download
memory/1236-82-0x000000001AE10000-0x000000001AE28000-memory.dmp

Filesize
96KB

Download
memory/1236-70-0x0000000002210000-0x000000000222C000-memory.dmp

Filesize
112KB

Download
memory/1236-69-0x0000000002200000-0x000000000220E000-memory.dmp

Filesize
56KB

Download
memory/1236-68-0x00000000021E0000-0x0000000002206000-memory.dmp

Filesize
152KB

Download
memory/1236-80-0x000000001ADF0000-0x000000001AE00000-memory.dmp

Filesize
64KB

Download
memory/1236-76-0x000000001AD70000-0x000000001AD7E000-memory.dmp

Filesize
56KB

Download
memory/1236-73-0x000000001AD40000-0x000000001AD4E000-memory.dmp

Filesize
56KB

Download
memory/1236-67-0x0000000000060000-0x0000000000282000-memory.dmp

Filesize
2.1MB

Download
memory/3636-104-0x0000000000A00000-0x0000000000A12000-memory.dmp

Filesize
72KB

Download