ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2

Analysis

max time kernel
205s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20220812-en
resource tags

arch:x64arch:x86image:win10v2004-20220812-enlocale:en-usos:windows10-2004-x64system
submitted
20-10-2022 06:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe
Size

939KB
MD5

805d136101687e583dfc146a6b45ff60
SHA1

0d0a5ef078c509ca32e3877ee2f9b8572abdd9e9
SHA256

ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2
SHA512

5a7bb10f9cb3f62b8835adfb9053442ed1b36c2b5aa9c4b650bf40838429d38a59c0dcba7a5bcd1e92c3675a496b3e3f18eab5c86d7729e08023afc72866a572
SSDEEP

24576:3RmJkcoQricOIQxiZY1iaiTqv9xcvGgoP:8JZoQrbTFZY1iaiTqvLPga

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	cmd.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 712 set thread context of 260	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	85

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 20 IoCs

pid	Process
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2356	AcroRd32.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe
2356	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 712 wrote to memory of 4360	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	81
PID 712 wrote to memory of 4360	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	81
PID 712 wrote to memory of 4360	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	81
PID 4360 wrote to memory of 2356	4360	cmd.exe	83
PID 4360 wrote to memory of 2356	4360	cmd.exe	83
PID 4360 wrote to memory of 2356	4360	cmd.exe	83
PID 712 wrote to memory of 260	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	85
PID 712 wrote to memory of 260	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	85
PID 712 wrote to memory of 260	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	85
PID 712 wrote to memory of 260	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	85
PID 712 wrote to memory of 260	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	85
PID 712 wrote to memory of 260	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	85
PID 712 wrote to memory of 260	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	85
PID 712 wrote to memory of 260	712	ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe	85
PID 2356 wrote to memory of 3964	2356	AcroRd32.exe	86
PID 2356 wrote to memory of 3964	2356	AcroRd32.exe	86
PID 2356 wrote to memory of 3964	2356	AcroRd32.exe	86
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 1644	3964	RdrCEF.exe	88
PID 3964 wrote to memory of 3360	3964	RdrCEF.exe	89
PID 3964 wrote to memory of 3360	3964	RdrCEF.exe	89
PID 3964 wrote to memory of 3360	3964	RdrCEF.exe	89
PID 3964 wrote to memory of 3360	3964	RdrCEF.exe	89
PID 3964 wrote to memory of 3360	3964	RdrCEF.exe	89
PID 3964 wrote to memory of 3360	3964	RdrCEF.exe	89

C:\Users\Admin\AppData\Local\Temp\ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe
"C:\Users\Admin\AppData\Local\Temp\ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:712
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /C Start C:\Users\Admin\AppData\Local\Temp\580449\FILEPD~1.PDF
  2⤵
  - Checks computer location settings
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:4360
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\580449\FILE.PDF.pdf"
    3⤵
    - Checks processor information in registry
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:2356
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
      4⤵
      Suspicious use of WriteProcessMemory
      PID:3964
    - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=AFCA8148FB853DEA9152493467331EF8 --mojo-platform-channel-handle=1772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        5⤵
        
        PID:1644
    - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=7C3380C3F9012000A5F2C15E18DE12F0 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=7C3380C3F9012000A5F2C15E18DE12F0 --renderer-client-id=2 --mojo-platform-channel-handle=1764 --allow-no-sandbox-job /prefetch:1
        5⤵
        
        PID:3360
    - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=1753827CE55C6BA60387622B53DAED69 --mojo-platform-channel-handle=2208 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        5⤵
        
        PID:1344
    - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=37835BAEE6554E3FC60C4F13B8747B13 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=1 --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=37835BAEE6554E3FC60C4F13B8747B13 --renderer-client-id=5 --mojo-platform-channel-handle=2336 --allow-no-sandbox-job /prefetch:1
        5⤵
        
        PID:3752
    - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=116A22005862BA32F6753D4E2D2DCFD0 --mojo-platform-channel-handle=2468 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        5⤵
        
        PID:4884
    - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
        
        "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4009994735BD3F29922F46B1A0322C18 --mojo-platform-channel-handle=2544 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
        5⤵
        
        PID:1300
- C:\Users\Admin\AppData\Local\Temp\ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe
  "C:\Users\Admin\AppData\Local\Temp\ef8910a7a4574b6111bccad87565739559527a7819b059a46a332d38885544c2.exe"
  2⤵
  PID:260

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\580449\FILE.PDF.pdf

Filesize
934B

MD5
2d5fb5d0e065bb36e3215f7112974047

SHA1
b2d93d366e67dc2975adf2d4f6dfdb0c3b67808a

SHA256
46906cf195855b0d1c04fca87fad5252c6f77dba84744bb195d5338f4540b558

SHA512
8d05745883f420bca6664b73112de682ebba89e6ea013e38cc7a2944354fecc1a3ee3893ad04f01444b5f33f9edeccfdedfad07196a44d2df6c7cd2cf49118bb

Download Submit
memory/260-138-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download
memory/260-136-0x0000000000400000-0x0000000000427000-memory.dmp

Filesize
156KB

Download