Analysis

  • max time kernel
    134s
  • max time network
    123s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags
    arch:x64, arch:x86, image:win7-20240903-en, locale:en-us, os:windows7-x64, system
  • submitted
    29/03/2025, 00:30

General

  • Target
    2025-03-28_4c0e5c4aa3eb66907cf32b7bd869dd8f_wannacry.exe
  • Size
    1.6MB
  • MD5
    4c0e5c4aa3eb66907cf32b7bd869dd8f
  • SHA1
    2f97ad58991c727a897f4613e00d6b24a3300a85
  • SHA256
    31aa2f05a7cd0b81002336c0f0b5397415b9ee70250862f91215e2bc4bb571d8
  • SHA512
    56ddad28ad605fe95b4b8f1ea00a130db1e07e082391ce2a1c8336d4ee6f177d1d9806b8a5e200ddc2bf7319f9ba44f194cb48f52f3e9f2c689e7d9b502eea51
  • SSDEEP
    24576:T1I8mdFc9nPV3EouDm6BkNEnzC5CW78UV:OFc3C37zCyG

Malware Config

Extracted

  • Path
    C:\ProgramData\Adobe\Updater6\read_it.txt
  • Ransom Note
    Don't worry, you can return all your files! All your files like documents, photos, databases and other important are encrypted What guarantees do we give to you? You can send 3 of your encrypted files and we decrypt it for free. You must follow these steps To decrypt your files : 1) Write on our e-mail :[email protected] ( In case of no answer in 24 hours check your spam folder or write us to this e-mail: [email protected]) 2) Obtain Bitcoin (You have to pay for decryption in Bitcoins. After payment we will send you the tool that will decrypt all your files.)

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

  • Chaos Ransomware 3 IoCs
  • Chaos family
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
  • Boot or Logon Autostart Execution: Active Setup 2 TTPs 1 IoCs

    Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.

  • Deletes backup catalog 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

  • Disables Task Manager via registry modification
  • Drops startup file 2 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Drops desktop.ini file(s) 64 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Modifies registry class 5 IoCs
  • Opens file in notepad (likely ransom note) 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 60 IoCs
  • Suspicious use of FindShellTrayWindow 31 IoCs
  • Suspicious use of SendNotifyMessage 27 IoCs
  • Suspicious use of WriteProcessMemory 30 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2025-03-28_4c0e5c4aa3eb66907cf32b7bd869dd8f_wannacry.exe
    "C:\Users\Admin\AppData\Local\Temp\2025-03-28_4c0e5c4aa3eb66907cf32b7bd869dd8f_wannacry.exe"
    1⤵
    • Suspicious behavior: AddClipboardFormatListener
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2960
    • C:\Users\Admin\AppData\Roaming\svchost.exe
      "C:\Users\Admin\AppData\Roaming\svchost.exe"
      2⤵
      • Drops startup file
      • Executes dropped EXE
      • Adds Run key to start application
      • Drops desktop.ini file(s)
      • Sets desktop wallpaper using registry
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2804
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2724
        • C:\Windows\system32\vssadmin.exe
          vssadmin delete shadows /all /quiet
          4⤵
          • Interacts with shadow copies
          PID:2764
        • C:\Windows\System32\Wbem\WMIC.exe
          wmic shadowcopy delete
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:2628
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:660
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} bootstatuspolicy ignoreallfailures
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:400
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} recoveryenabled no
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:1284
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1612
        • C:\Windows\system32\wbadmin.exe
          wbadmin delete catalog -quiet
          4⤵
          • Deletes backup catalog
          PID:2028
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_it.txt
        3⤵
        • Opens file in notepad (likely ransom note)
        PID:1456
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2860
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:2872
  • C:\Windows\System32\vdsldr.exe
    C:\Windows\System32\vdsldr.exe -Embedding
    1⤵
    PID:1980
  • C:\Windows\System32\vds.exe
    C:\Windows\System32\vds.exe
    1⤵
    PID:2440
  • C:\Windows\explorer.exe
    explorer.exe
    1⤵
    • Boot or Logon Autostart Execution: Active Setup
    • Modifies registry class
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:2920

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\ProgramData\Adobe\Updater6\read_it.txt
    Filesize: 582B
    MD5: ed5cc52876db869de48a4783069c2a5e
    SHA1: a9d51ceaeff715ace430f9462ab2ee4e7f33e70e
    SHA256: 45726f2f29967ef016f8d556fb6468a577307d67388cc4530295a9ca10fdfa36
    SHA512: 1745aefb9b4db4cdd7c08ee3a7d133db08f35a336fd18b598211519b481ef25ac84a3e8a3da3db06caef9f531288d1cf0ca8d4b2560637945e7953e8b45421f5

  • C:\Users\Admin\AppData\Local\Temp\50a3tht42.jpg
    Filesize: 601KB
    MD5: 1590267bfab5fc9e6d537151be1a1bc3
    SHA1: e71e9d22611962b68b663b2551196c6c4a91d218
    SHA256: 68edccb4f0be5927faa5a6a1589bd7434bd8cf55df48ee60c12bcf7a235e4b2d
    SHA512: e0ab8739ecbdb40229da3808f1d7ea9d128091d7647738176f619d7742f82dc4803f6a70982d299e80ae5c99b85cee0c9ef112e915726e94cd72889160a1bf14

  • C:\Users\Admin\AppData\Roaming\svchost.exe
    Filesize: 1.6MB
    MD5: 4c0e5c4aa3eb66907cf32b7bd869dd8f
    SHA1: 2f97ad58991c727a897f4613e00d6b24a3300a85
    SHA256: 31aa2f05a7cd0b81002336c0f0b5397415b9ee70250862f91215e2bc4bb571d8
    SHA512: 56ddad28ad605fe95b4b8f1ea00a130db1e07e082391ce2a1c8336d4ee6f177d1d9806b8a5e200ddc2bf7319f9ba44f194cb48f52f3e9f2c689e7d9b502eea51

  • C:\Users\Admin\Desktop\BackupRedo.ppsm.09ow
    Filesize: 151KB
    MD5: a8fc6da8da3a51962828249c45b9e1af
    SHA1: e606d4ad0c0d05048a7c103100d0b4ce402c47d8
    SHA256: b3bab121958f6f8d4ef345daae21544c5305ad3592c85d8dbea00cd5c842e14c
    SHA512: f69caf9a472aa2e92e27fe3e4fb18742a44244d569782fceee1a822764d9236b89fce8e000d44b561d6fec0b8676afcb762e72346ca6b37fcbd54a627f68bfbc

  • C:\Users\Admin\Desktop\CompareRestore.xlsb.h52s
    Filesize: 386KB
    MD5: 4056b5b11802fdb02fe06f8712f61223
    SHA1: ec91cef9cf56ebfac4ef1aef3f1e5140f7df2d88
    SHA256: 51d343cb924e66d75fc281956525b22387842f080243ff6965c00eb768c5cd65
    SHA512: a197644c19eb99a071152fd485cc733672972a85da9dda305a094acbef60b4a62b4fe68830201d5b0e8fc11e632f5753009cc8b9793d3761b9d3681459531122

  • C:\Users\Admin\Desktop\CompareWrite.7z.vg3y
    Filesize: 98KB
    MD5: 4f1d55f17599428d15aa982fd43e5867
    SHA1: 6c38063fac733045d79b680ed7e3575117d772c2
    SHA256: 8c88767df5620e62729bfe37d4ffb453cc17a70bb31545c14f801fc97b2e87d8
    SHA512: eb882ce99e0710da61dee43b745d71c8f3e0071f9122d0f0a1437d6861fb211db1bff23238f3ba9b3711ce85190356f098ae37be3e450083b5ce9ac2a434337a

  • C:\Users\Admin\Desktop\CompleteEnter.rtf.6cvu
    Filesize: 174KB
    MD5: 5247776b617ac7a303b019a8b2e836df
    SHA1: ed637b95160aff336b39e77f19a990580dffbf1c
    SHA256: 9ed09e7d61aa04b9078f41339575556a0d2e0660fbbc89fe1903fe61e707a25a
    SHA512: 940de0bfc4443b209173a9d239d1de7106dc5b93b3630e81533c116a733183e6fb658e6f9e148757000ee66de4f4e8e4906195fbd5adf546fde222b43172ffb7

  • C:\Users\Admin\Desktop\CompressUnlock.xlsx.5yc8
    Filesize: 12KB
    MD5: ee5655c52a573c0e634cd0e84f9e57ce
    SHA1: 820993eb83f9a435c6d18d24421b8b7f239776d8
    SHA256: 661a281f4cfcc2042b7715ad87f136422929a8f80eb1b35a199988bd8903e97a
    SHA512: 0f63a8a24cdb0fd86a53a9a528ff9387cf435156039bbf1b019e184278460745e5c3efdba67867f967732ceb24bb3f91f280c571439b780420b6401090c7a723

  • C:\Users\Admin\Desktop\DenyUnregister.vb.pm3n
    Filesize: 265KB
    MD5: 062220d6d7f849c71dec2c3dc8185cf5
    SHA1: fd9b045a8cf680ca7be682f29160e83d570e45e9
    SHA256: 305ad76bcab47f38acd7b244b9354b4b7c77c4e15fbfa61a82b52798b6a2a169
    SHA512: 5de92a15d2bf570420bb8c86ae9af72b9c5e050295508eeae8b9efbad60357bfe1362e258180fb6311f40223ad7e692dabef75bef2e468c04e00381b0ea9c91e

  • C:\Users\Admin\Desktop\DismountWatch.jpeg.r5a1
    Filesize: 106KB
    MD5: 0e5ff74fc344a1fbde7d721e361972fb
    SHA1: f5e124776952e0788af1e3753980126eaf9f0fb5
    SHA256: 00925a0398f7be8ac2070af62fb2532dbfff305c811e05c9eb71d793348cae14
    SHA512: b336be932059d448bffba6ad6a15e519a09d4423e283c40cb7d65d3b175bf77b49b94f3328ed17f9c82989e4918346ffc888f899bf6b226db2ee8b091ee3eafa

  • C:\Users\Admin\Desktop\FormatUndo.bmp.2nba
    Filesize: 273KB
    MD5: 97e648a5e3b8b485219710c51effe254
    SHA1: 1d147ab1728130502f5f1525de3a154fb8e8651c
    SHA256: c96b904d386ffbe2167206f44fb6a5d1fa00bd0a7d5c221438d0f30778830a59
    SHA512: 634116dfbf09cf2bbe3d594dc9791ddf90711b33c36232939cad4eb8c3d346aa727c8e42ef02cac287cd7eef4c1807dfa2820b5b555ab137f0c1474217d33bd2

  • C:\Users\Admin\Desktop\InstallSuspend.docx.bew5
    Filesize: 14KB
    MD5: d5ae9847cc42264334d4f6cb8afa4e2e
    SHA1: 5115345e364791057627d57333c7aee6e76f9219
    SHA256: 5a6c5e84934e5796e165d70d032674157ea0372157654879328f9eff7896a01b
    SHA512: 129ce5764c8b965ecdfe7dff375db5bba46c1b6233915e9a6686e49c2f8ec12a5d6bc439d7918e79a454f38e84a5e13525d261a322c3ec1bd9b785c4347b80e8

  • C:\Users\Admin\Desktop\OpenMerge.ppsm.gdwi
    Filesize: 121KB
    MD5: a3f5e210420caf2d6db76e48aed74c3a
    SHA1: efd602e89e6cece7fa13a25eb1b303ca0c2202d0
    SHA256: 71d1fc32dab75f443d22684d56b662c974ae31e5b8c8de53fc1105255acc345c
    SHA512: b79795f48d1fd50d51e815d9b0fd7d0731c4ee0ca972e9886630316d85a5ac4921015a53cca3816c2429a12a439f910a1d50382df26cb158db0e3fbd2ff8e278

  • C:\Users\Admin\Desktop\OutUpdate.3g2.mqjm
    Filesize: 197KB
    MD5: 718244ffa13ef3f64b2bc91c69982ee3
    SHA1: 57de14238e073003eefff24b095101720b26b3fa
    SHA256: fbd55c318e60835a3067a200811d2eda86577ed80cf903fa16fb42b773bf5e35
    SHA512: 3014392eeb86f7413e200f23ae696dfde0bb73defe7c8f7dac13625ca513e57f9791ee22ca01f95b1264486db47241db1f0706ff1e4fb3b801136281ca5ff392

  • C:\Users\Admin\Desktop\ReceiveUndo.xlsx.xb75
    Filesize: 13KB
    MD5: 25381c1616e5bb227b4af7a231c2870c
    SHA1: f13d15757117f6cb8f1d8423099a68d7e2acc49e
    SHA256: adb443ec1f5b73512b6dc640ef81da848353ffd60564b0c5774341115b956520
    SHA512: 5a6eff403d32e2c26155c684b647ff580b99b163f0ee02e5cb5df11eb41256cd66878c8758eb72c60f6fe6b40b2955e04b18611a0e44f3caf767a33d027f8167

  • C:\Users\Admin\Desktop\RedoAssert.potx.u7c3
    Filesize: 182KB
    MD5: 21431629a66390d568758256b5b8597c
    SHA1: 213f99ad3143cb0fb3736b5958b56bb88f6b903f
    SHA256: aaa972566c869141bf56ebd487b3d7d994693ac7a5e1695d47d9f0c46e7d8a7b
    SHA512: a8ea9772f0519c45fc4a8bee461250c2c33259963b75f3e232fcfb2d9e391aef3b105167c51ece0af561293ff5bbcb7700e3f5dbcee28b225d1fc2537d4dee22

  • C:\Users\Admin\Desktop\RestoreTrace.htm.u11t
    Filesize: 136KB
    MD5: 09d3f7aad462cd2edda750048effa032
    SHA1: d507f8fbf8b2fa47778e9596ae7bb03e68a0fbf4
    SHA256: 258a6705e0110c9bf11998633f8675b3dc6f54467c1f961920d73f82bf7bce95
    SHA512: 457b1dbc3b2a20dc97a77b6fefca4ec1f2af3eb34fcd1268eb761e39a5216a3c9411f4c6bfc625c5ca853342da5141fb2459a670df6b220b5bd62da728743ca3

  • C:\Users\Admin\Desktop\SubmitUnblock.htm.6ays
    Filesize: 189KB
    MD5: 92dd98cb4999c0c794cc6d656d6e3a11
    SHA1: 98a517ec4596c9f98a38ba591857e10d76e7b731
    SHA256: c7f6ee824e1035cf2ff0f8686458dd4864433f7e59396e2580c49880d61d98e9
    SHA512: c93e0aee2cb339ae1dc22a9461b1a2db4e9afdb5d44a1d5869386ffd109acf5e2a9f4dbe89b4af333eae9848ab4d282993b8fe0e96d75d0922312466845be61f

  • C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk
    Filesize: 1B
    MD5: d1457b72c3fb323a2671125aef3eab5d
    SHA1: 5bab61eb53176449e25c2c82f172b82cb13ffb9d
    SHA256: 8a8de823d5ed3e12746a62ef169bcf372be0ca44f0a1236abc35df05d96928e1
    SHA512: ca63c07ad35d8c9fb0c92d6146759b122d4ec5d3f67ebe2f30ddb69f9e6c9fd3bf31a5e408b08f1d4d9cd68120cced9e57f010bef3cde97653fed5470da7d1a0

  • C:\Users\Public\Desktop\Adobe Reader 9.lnk.fcbt
    Filesize: 2KB
    MD5: 7088ca34bc4466b946eba64ac965dbc4
    SHA1: dd4b1920e1b0d3403c8e20602bb59c1415bfeaba
    SHA256: 8ab6121316989ae808a5ac08c23b915260b79eb2f0f0cb13063ae370de088124
    SHA512: c1848943496a4b4a7e09232fd7c05818adc376e0570c69d7be97a18fc0bde49e5659a565864c5125255b1506f67cf6d67b0fd5befa93d1960e08e98fe95f537d

  • C:\Users\Public\Desktop\Firefox.lnk.xyjd
    Filesize: 1KB
    MD5: 0ee2d731cb7f830d9017fd51fbbcb157
    SHA1: 3476b176e3ec5494e491202d8f99fd32e34fa983
    SHA256: 128f425dec7496e8ca71f0280469d68451c256f9ad81fc53d1ea0234a386bbff
    SHA512: 099ddfc5a62b5cf2bd76c31fad2dfb18ffa0700ed2363bb06b9c6332078a9349fe1bc08e264fa29347f8b1181740c37d45ae7e83ac0c056c79654b357d301201

  • C:\Users\Public\Desktop\Google Chrome.lnk.vxad
    Filesize: 2KB
    MD5: bd2352174baccdeb2ad2df7578ce8b2a
    SHA1: 4fd39d450fbbf25b40a9e79fdefee5af7d77eb61
    SHA256: c2c7e4362659899c296b38be859b141b328e3e24a42176116d959b433e71aa0c
    SHA512: d5273e7be35774b1ba7bf24a7e8f67272a6789ad02a762891f7d8ae405afc5214f38d9c4ce9efe6baf29c65931d141600eae252ab7d237134a811e19b15085ca

  • C:\Users\Public\Desktop\VLC media player.lnk.b5sk
    Filesize: 1KB
    MD5: 01c652e0636dbd3750cda986fc3301be
    SHA1: 5da451393d6aa0eba03629bbfe88cc027f7408f0
    SHA256: e9b681030a218e86067c95ab979638cb0f724a9dab0d9ae00ea177fa57acaf93
    SHA512: 027f3d93efeac7961e6865414b69c6cc1ac33e5d2c0821c7b471070f0a66502770ef51f99a86b6de655c98d7a80b7ec3c806ee1de99d5b65bf89afb08206a48b

  • memory/2804-8-0x00000000000E0000-0x000000000027E000-memory.dmp
    Filesize: 1.6MB

  • memory/2804-11-0x000007FEF5210000-0x000007FEF5BFC000-memory.dmp
    Filesize: 9.9MB

  • memory/2804-10-0x000007FEF5210000-0x000007FEF5BFC000-memory.dmp
    Filesize: 9.9MB

  • memory/2804-983-0x000007FEF5210000-0x000007FEF5BFC000-memory.dmp
    Filesize: 9.9MB

  • memory/2920-988-0x00000000032F0000-0x0000000003300000-memory.dmp
    Filesize: 64KB

  • memory/2960-3-0x000007FEF5210000-0x000007FEF5BFC000-memory.dmp
    Filesize: 9.9MB

  • memory/2960-1-0x0000000000C60000-0x0000000000DFE000-memory.dmp
    Filesize: 1.6MB

  • memory/2960-9-0x000007FEF5210000-0x000007FEF5BFC000-memory.dmp
    Filesize: 9.9MB

  • memory/2960-0-0x000007FEF5213000-0x000007FEF5214000-memory.dmp
    Filesize: 4KB