d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b

Analysis

max time kernel
167s
max time network
179s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
04/10/2022, 01:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b.exe
Size

243KB
MD5

3217ed4815c945be24b12ca75f4d00e0
SHA1

932a8f7c65a66283f92c2440d20de77004037c4a
SHA256

d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b
SHA512

94b3e0074d9459c71c600dba6b2e347c1a7fc1452feea954d79e1e6eb9973275cc082cce82396b5d91eca08d92f462b1de0b727e6a7d682869aeb5455a147e56
SSDEEP

6144:hw7/D/XeQgV1Chc2ZN7h9fwBbv1TvgvZtiucFH5gTpi3zJZoS:CWHOhc2Lh9abv1LyMucfApi3znoS

Score

8^/10

Malware Config

Signatures

Executes dropped EXE 2 IoCs

pid	Process
5024	tesktog.exe
3360	tesktog.exe

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\errorPageStrings[1]	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\NewErrorPageTemplate[1]	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\B6z3MALNFEeBovQmI37aEJvT4eI.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\JtvAkjILCiU6WVbOOByE52wmTSo.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\nosigninb67ac1f0[1].htm	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\OLotjfdvYCvKKPPfhZqbpLnAteY.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\search[1].htm	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\B6WiTWDBTTftfGQ5xgzMV5rLPfg.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\n1U5gwBiwMo7s-fWOh2kSe3Kils[1].jpg	tesktog.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\authorize[1].htm	tesktog.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\fetchErrorIcon[1].htm	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\mouselog1.16.min[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\pz421bijbK5lmV9FFBsk0txoB1A.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\FQi2PeLM67s5kJit5XDQLcpxh-I.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\UYtUYDcn1oZlFG-YfBPz59zejYI[1].svg	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\KC_nX2_tPPyFvVw1RK20Yu1FyDk[1].svg	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\b4Jy0kwhnsWcsDQyuzAEsN7RmhQ[1].jpg	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\x1Lg1sLBmE6D_l-DY_oXAbR_Fhs.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\fetchSpinnerIcon[1].htm	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\H0tBeYy8ok5qbeZq9Oge36K-zeo.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sB94OVF5iRwdPUbrzunIlqNeEC0.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\9GouGbnyUbya6o8oQc7Ovfb_DoY.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\dnserrordiagoff[1]	tesktog.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft	tesktog.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content	tesktog.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\XP1T-mJulismqF73X1YrrtBSGPw.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\9l9kOs6qhrqEgG4-ECVfBL62HCQ[1].png	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\oTnAeCTy1wpurBE4xfhX3gCY6bI.gz[1].js	tesktog.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE	tesktog.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\mmTd_VrRk3u9Mbq0yVOC2VTuNuc.gz[1].js	tesktog.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\dnserrordiagoff[1]	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\fdVZU4ttbw8NDRm6H3I5BW3_vCo[1].svg	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Fsa_OI0AplCnVoXGca8ALOo0S0s[1].svg	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\7m655Ud2BRXxznIYtGVzYp1pj8s.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\hc3NsIFYndwdEUaI2PZ8E59sr4k.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\sbi[1].htm	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\wyVGfTD-G9ExaqWqCQgG7kOGN0w.gz[1].css	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\hdL3cmzP7O7t3SKn61Kvv_NFfI8.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Oe08_JybWoSjYfa3Ll9ycg1m96I.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\KHyqpNEgLO9gplDjiVz7SmJpcLc.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\TQoLlG0RJyAZGxLLCyLOop9H3KQ.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\UMc3LQfNxSkvn2QdRt2WMsv397Y.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\CMm2G4GK3T9XHTMByeN2QI1OVUs[1].jpg	tesktog.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5	tesktog.exe
File opened for modification	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\l[1]	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\k3ZVuYS7g0Y3jh4IK8ZsmdNbzxw.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\55KhVwBVXs5EJ8TcJrrKbOxo1go.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\ELqKWpA6KkapLUFbOLS-IQ2zfXc[1].jpg	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\oqE9f9caWX8fiTHooTOSJwml6z4.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\eUcdRiuZdFH02B6xVNuYdLENFuw.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\guuFkRm0gzXL5Mft1itxYFzKnQQ.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\Xp-HPHGHOZznHBwdn7OWdva404Y.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\5ZeCNP-uUJOft0EeiTJVHgcU_PU.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\NtnQw9IjXgfxfLedT-Of2T7AFkQ.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\eaMqCdNxIXjLc0ATep7tsFkfmSA.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\4uGmmA-Of0BtyZxd7vuSYxIo-ek.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\T_fuRJ5ONhzzZUcXzufvynXGXyQ.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\ozS3T0fsBUPZy4zlY0UX_e0TUwY.gz[1].js	tesktog.exe
File created	C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE\3AeS2NB5HHqajWzxw1wOXC1lv5Q.gz[1].js	tesktog.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\KBPC221004.log	tesktog.exe
File opened for modification	C:\Windows\KBPC221004.log	tesktog.exe

Modifies data under HKEY_USERS 28 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet = "1"	tesktog.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect = "0"	tesktog.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName = "1"	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\AppEvents\Schemes\Apps\Explorer\Navigating\.Current	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\AppEvents\Schemes\Apps\Explorer\Navigating	tesktog.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass = "1"	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\AppEvents	tesktog.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"6.2.19041.546\"hypervisor=\"No Hypervisor (No SLAT)\""	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\AppEvents\Schemes\Apps	tesktog.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3\1601 = "0"	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Internet Explorer\GPU	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\AppEvents\Schemes\Apps\Explorer	tesktog.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content\CachePrefix	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History	tesktog.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies\CachePrefix = "Cookie:"	tesktog.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@ieframe.dll,-12512 = "Bing"	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3	tesktog.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History\CachePrefix = "Visited:"	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\AppEvents\Schemes	tesktog.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P	tesktog.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3360	tesktog.exe
3360	tesktog.exe

Suspicious use of WriteProcessMemory 6 IoCs

description	pid	Process	procid_target
PID 5068 wrote to memory of 5024	5068	d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b.exe	81
PID 5068 wrote to memory of 5024	5068	d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b.exe	81
PID 5068 wrote to memory of 5024	5068	d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b.exe	81
PID 5068 wrote to memory of 3680	5068	d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b.exe	83
PID 5068 wrote to memory of 3680	5068	d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b.exe	83
PID 5068 wrote to memory of 3680	5068	d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b.exe	83

C:\Users\Admin\AppData\Local\Temp\d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b.exe
"C:\Users\Admin\AppData\Local\Temp\d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5068
- \??\c:\RECYCLER\tesktog.exe
  c:\RECYCLER\tesktog.exe
  2⤵
  - Executes dropped EXE
  PID:5024
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b.bat
  2⤵
  PID:3680

\??\c:\RECYCLER\tesktog.exe
c:\RECYCLER\tesktog.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:3360

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\RECYCLER\tesktog.exe

Filesize
243KB

MD5
3217ed4815c945be24b12ca75f4d00e0

SHA1
932a8f7c65a66283f92c2440d20de77004037c4a

SHA256
d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b

SHA512
94b3e0074d9459c71c600dba6b2e347c1a7fc1452feea954d79e1e6eb9973275cc082cce82396b5d91eca08d92f462b1de0b727e6a7d682869aeb5455a147e56

Download Submit
C:\RECYCLER\tesktog.exe

Filesize
243KB

MD5
3217ed4815c945be24b12ca75f4d00e0

SHA1
932a8f7c65a66283f92c2440d20de77004037c4a

SHA256
d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b

SHA512
94b3e0074d9459c71c600dba6b2e347c1a7fc1452feea954d79e1e6eb9973275cc082cce82396b5d91eca08d92f462b1de0b727e6a7d682869aeb5455a147e56

Download Submit
C:\Users\Admin\AppData\Local\Temp\d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b.bat

Filesize
260B

MD5
7244df819fa35b7497c153bcec845d4c

SHA1
02b4df578aa42c706e41cfdc8569aa4bc8cb1a32

SHA256
ecd7227e0f0ee32558a9fe233e537786c79f737d0f207707049697649196ea29

SHA512
8c6d05ad3bcd3c95911dd5824c4d4d694b46dc92ee8f2bd3dceaed96321ee3ef08c2936cec212d05383c38ddfbc5f0b19539f131009711040e3bd273146fc218

Download Submit
\??\c:\RECYCLER\tesktog.exe

Filesize
243KB

MD5
3217ed4815c945be24b12ca75f4d00e0

SHA1
932a8f7c65a66283f92c2440d20de77004037c4a

SHA256
d3192e9a4813460082290ca81edb21da2ba0e1b2f27fa1e00b78c6d54dd2b36b

SHA512
94b3e0074d9459c71c600dba6b2e347c1a7fc1452feea954d79e1e6eb9973275cc082cce82396b5d91eca08d92f462b1de0b727e6a7d682869aeb5455a147e56

Download Submit
memory/3360-141-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/3360-142-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/5024-137-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/5068-132-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download
memory/5068-139-0x0000000000400000-0x0000000000485000-memory.dmp

Filesize
532KB

Download