Overview

overview

7

Static

static

1

TLauncher-....1.exe

windows7-x64

7

TLauncher-....1.exe

windows10-2004-x64

Resubmissions

05-10-2024 21:24

241005-z9agrstapj 8

03-09-2023 03:11

230903-dpwcvagb5v 7

03-09-2023 03:06

230903-dl6peagb41 7

03-09-2023 02:48

230903-daplragd86 8

03-09-2023 02:45

230903-c8vpzsga9x 8

28-05-2023 20:42

230528-zg5gfaha3t 8

03-05-2023 06:50

230503-hlye9adh28 10

03-05-2023 06:42

230503-hgglyaff81 8

Analysis

  • max time kernel
    100s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20230831-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20230831-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-09-2023 03:11

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    TLauncher-2.879-Installer-1.1.1.exe

  • Size

    22.6MB

  • MD5

    c4ceda8c435298d23cc40a842f426d61

  • SHA1

    c7337094f09852b00a815950e96f3292295e9e15

  • SHA256

    e132be19bc7ae8a96d3d620710fa26b614e022abecccc161ad733eff732afcd6

  • SHA512

    25e74422d3b7adeb0cc805bbe41298d4e0fcf984b038c63a3a4faeea16e10a18f113c9a7d946e16f377ad9e3a5ca0a6425d7650b62c1e5db9ee2299e9921f52b

  • SSDEEP

    393216:LXfgqusAgbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq3:LvtDpsHExi73qqHpg+Vvc+Amc

Score
7/10
discoveryupx

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 3 IoCs
  • UPX packed file 6 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 15 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 17 IoCs
  • Suspicious use of SetWindowsHookEx 7 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3864
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.1.exe" "__IRCT:3" "__IRTSS:23652314" "__IRSID:S-1-5-21-1859779917-101786662-3680946609-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      PID:956
  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault0f58e66aha56ah45fch88e7h3e0d791d78f1
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4612
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd873b46f8,0x7ffd873b4708,0x7ffd873b4718
      2⤵
        PID:5104
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,5988375685757004583,11517633104132204258,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:5024
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,5988375685757004583,11517633104132204258,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
        2⤵
          PID:2220
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,5988375685757004583,11517633104132204258,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2964 /prefetch:8
          2⤵
            PID:3884
        • C:\Windows\system32\SystemSettingsAdminFlows.exe
          "C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC
          1⤵
          • Enumerates connected drives
          • Drops file in System32 directory
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of SetWindowsHookEx
          PID:2036
        • C:\Windows\System32\vdsldr.exe
          C:\Windows\System32\vdsldr.exe -Embedding
          1⤵
            PID:5448
          • C:\Windows\System32\vds.exe
            C:\Windows\System32\vds.exe
            1⤵
            • Checks SCSI registry key(s)
            PID:5528
          • C:\Windows\System32\vdsldr.exe
            C:\Windows\System32\vdsldr.exe -Embedding
            1⤵
              PID:2116
            • C:\Windows\system32\vssvc.exe
              C:\Windows\system32\vssvc.exe
              1⤵
              • Suspicious use of AdjustPrivilegeToken
              PID:5264
            • C:\Windows\system32\LogonUI.exe
              "LogonUI.exe" /flags:0x4 /state0:0xa3943055 /state1:0x41c64e6d
              1⤵
              • Modifies data under HKEY_USERS
              • Suspicious use of SetWindowsHookEx
              PID:3936

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\$SysReset\Logs\setupact.log
              Filesize

              109KB

              MD5

              48ce6ddca6821c45ced03b62da1f1835

              SHA1

              e5f8bbba095a4b0540c494fc7b57d975cdebb343

              SHA256

              0f9bd31f77a4192977183f9e58859cd9e4e9ca5d458f42551a4e715308eef35c

              SHA512

              f580731a53641b2e936aa0b8086075bd8df628db46d24f7b4ee05c8b64c91843cc49d76983d9bc7f5e144a82aea8be90ddd09d9479f39344cde65b19d37af84e

              Download Submit

            • C:\$SysReset\Logs\setuperr.log
              Filesize

              749B

              MD5

              37d39deac98fcafd7239b384ece74299

              SHA1

              d972e48e8cd14db5dcaaecd63cf7c5b7925c7e7e

              SHA256

              6032b5f1a6476ef6cb57b358137737b4d67ed87b22a2a87d4cd069d76d19b3ae

              SHA512

              8bfc6db2b2ca35e3229970f436a64e6067f2f4017ab7a69ca5902d512237ca7b39a2bb8f7791adf440a1810c5b2f9547a6aa6ba0306da186ca7a1124164aebe5

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
              Filesize

              152B

              MD5

              4d686809520430031d6ecf2c8de5f735

              SHA1

              64e3932e857e1b34077e1b7793f40ad35abaf6b8

              SHA256

              c5f61a0a6d91e818e9ada3e527de4a5975767d6425823b33ea107cec0c99874b

              SHA512

              8a5adfc8d90f0752672879cf18f55be8e80e36e2a7bdf281ee3967f9953413dc31c33a0b52ada169c3f628896a28caba1769d8d33874903260ad6c8d5a925e36

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
              Filesize

              111B

              MD5

              285252a2f6327d41eab203dc2f402c67

              SHA1

              acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

              SHA256

              5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

              SHA512

              11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
              Filesize

              5KB

              MD5

              95a5fc55c80a25c887a3faee7c8494b2

              SHA1

              ccb550be9935f0c017b37dd289f73b113f34d50c

              SHA256

              1487a0d6de82c1d0ec245ee0aa0063ae5875dfb9f33d199a03afba1bdb3cfafe

              SHA512

              8f024c6432cc7e4e195417d7db3c3b6c8d5ba33ea4cc5ee08526ff85dd03f03aabf6f44f2953f2b9460e19822909b4aecd31ae07fb467e3f6a1b4e6d8e9976f6

              Download Submit

            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\c28dc80e-5967-4500-b867-55ec25b8a866.tmp
              Filesize

              3KB

              MD5

              39a8603a86188e0810470ba2d3c6d706

              SHA1

              0cff494389dde18be4c156b5a66986cdf606fe6f

              SHA256

              eb53eaf70cca46ac86c7c4be70e3db89c6ecd011dd6db5fbf90868625f892297

              SHA512

              6a67dcc919bf31aacf23d1e0990d96d9548b801f3e3de10de25bd15c4ca262f64ecaef2da04531c318e39561d630f44909aac2c1a39acec1751224f7bc5b082e

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
              Filesize

              116KB

              MD5

              e043a9cb014d641a56f50f9d9ac9a1b9

              SHA1

              61dc6aed3d0d1f3b8afe3d161410848c565247ed

              SHA256

              9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

              SHA512

              4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
              Filesize

              1.8MB

              MD5

              8d26aecef0a7bdac2b104454d3ba1a87

              SHA1

              50c29c58dfece62d94ed01cb5b3d070e593dc9cf

              SHA256

              e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

              SHA512

              0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
              Filesize

              1.7MB

              MD5

              1bbf5dd0b6ca80e4c7c77495c3f33083

              SHA1

              e0520037e60eb641ec04d1e814394c9da0a6a862

              SHA256

              bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

              SHA512

              97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
              Filesize

              1.7MB

              MD5

              1bbf5dd0b6ca80e4c7c77495c3f33083

              SHA1

              e0520037e60eb641ec04d1e814394c9da0a6a862

              SHA256

              bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

              SHA512

              97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
              Filesize

              97KB

              MD5

              da1d0cd400e0b6ad6415fd4d90f69666

              SHA1

              de9083d2902906cacf57259cf581b1466400b799

              SHA256

              7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

              SHA512

              f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
              Filesize

              97KB

              MD5

              da1d0cd400e0b6ad6415fd4d90f69666

              SHA1

              de9083d2902906cacf57259cf581b1466400b799

              SHA256

              7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

              SHA512

              f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
              Filesize

              1.3MB

              MD5

              0913b4c43b4a1c301353197c30e01f4f

              SHA1

              245c343a7bb339d402ff8e9d442389a4f3dfc3a8

              SHA256

              238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c

              SHA512

              9d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
              Filesize

              1.3MB

              MD5

              0913b4c43b4a1c301353197c30e01f4f

              SHA1

              245c343a7bb339d402ff8e9d442389a4f3dfc3a8

              SHA256

              238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c

              SHA512

              9d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
              Filesize

              1.3MB

              MD5

              0913b4c43b4a1c301353197c30e01f4f

              SHA1

              245c343a7bb339d402ff8e9d442389a4f3dfc3a8

              SHA256

              238d15cbb1a929fe19f4558c44fbc67d5d6b9a3176fd9d880345ae0174a8d87c

              SHA512

              9d2da27264af71d7d1b9a3eac36e9b413041836de2559899d384a76b888cd495703a306c384752047bc9e1da3f8ee908da7218a58cfd9af1f81b51be4b27321f

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
              Filesize

              326KB

              MD5

              80d93d38badecdd2b134fe4699721223

              SHA1

              e829e58091bae93bc64e0c6f9f0bac999cfda23d

              SHA256

              c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

              SHA512

              9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

              Download Submit

            • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
              Filesize

              326KB

              MD5

              80d93d38badecdd2b134fe4699721223

              SHA1

              e829e58091bae93bc64e0c6f9f0bac999cfda23d

              SHA256

              c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

              SHA512

              9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

              Download Submit

            • C:\Windows\Logs\PBR\ResetSession.xml
              Filesize

              7KB

              MD5

              d7090a451b7f23fb6bf188b1ea5f7eb0

              SHA1

              af4dea39ec9315d5eb82e66148b087cd89e7c526

              SHA256

              23d8206dfc4d303ab245f39d53dcf2fcb4c7e53b637278d4b207c3bd698cb531

              SHA512

              1019689e0b9bcfa5ac3a524a87de6ac1fd6e39b84a0682cc110bbada6bcf3068a8bdb3892197f6ba49088066e8a9ae03b689eae6e30ba44270192222efd941ae

              Download Submit

            • C:\Windows\Logs\PBR\SessionID.xml
              Filesize

              106B

              MD5

              bd408dfca0f1ab2484e9ec7c364ea67c

              SHA1

              924095e38b2d4f55df7f490796654336a6dd852a

              SHA256

              1450f4bc3b21c857e8dbc72366f1f90f8613c1c4a3664cf26c4b2d6bfce0069c

              SHA512

              3166222aeb7165c43b5eb7d8a75526a4a5be748e696e57f0dbe5d2a1cf8a4b2345334996369c2e9a323d406e6e4deec667283a7fbf60aa839e442b46b57e8004

              Download Submit

            • C:\Windows\Logs\PBR\Timestamp.xml
              Filesize

              42B

              MD5

              2e07d79fe463fd403c7aa54f7d801c55

              SHA1

              7480430781afe74edb3c34e625cc9db6b6c821a2

              SHA256

              8a30d9e3f7fafb8bfb6e5f3ac061613e787392cf1e6687a3f83675b5ea114cb6

              SHA512

              2aac912edcaf626c48cf12153cd6557186247dc5194d3b7e456d4bbd70e9d630ec1a180c192d9b83ab04aa74e0246d7a76c5a352445d9c8f6c8cb0b1849e8f37

              Download Submit

            • C:\Windows\Logs\PBR\WinRE\bootstat.dat
              Filesize

              66KB

              MD5

              3c08dea20e350ea34f7309e856576428

              SHA1

              d7a048ccc07b4d16afc4d778d5601a067fb151b9

              SHA256

              b7bbc3f2463000f52eadcce2e262512dc79bbbb3355c62c734f18db57e0fba82

              SHA512

              1c1cdd554cbf98dcb7358808cfa2682bd09a596e24a3708ab73e379e5f8ae7dc394b8e88824589327e2f67487ca19dacba9e3288993e2e92463dc32aaef67f9d

              Download Submit

            • C:\Windows\Panther\UnattendGC\diagerr.xml
              Filesize

              9KB

              MD5

              e73c344eeb393ee391830e91bf5e0af6

              SHA1

              56450e43968419cb0640cbaee49a119fec1b157e

              SHA256

              75855d3f1eb44101ba2efc21fe59765b007a01ad268f6e1adb25f67564989415

              SHA512

              901210c1c81697f660307af0f356610e3df625ca32bb0b68ba6fd574d6740926f7b11ce92c93eab8de6947fe45b5141ee40e3db181f66c75fee27a64c8bc003a

              Download Submit

            • C:\Windows\Panther\UnattendGC\diagwrn.xml
              Filesize

              15KB

              MD5

              0945aafac408cb829fc4752a5c9875a9

              SHA1

              07c580e7866253827729eaa624f7ab267f801d74

              SHA256

              e0e6ece63b00e8ace783095db45097f60e51e923e8e2d8e132ff65406f5b436d

              SHA512

              3199a9c9fbdd54a744861f7163e5b9c122ddd7fc5cc71f351e7f089cc185175a8dee8ffb92e8ee77ad50d3620b0a4bd45d0d2eb5ea90fcf400a4d5ea29ac441c

              Download Submit

            • C:\Windows\System32\Recovery\ReAgent.xml
              Filesize

              1KB

              MD5

              7b0572d5f951497fe63c27774574ec0c

              SHA1

              5ff9c563b44c03c13b932630124a085bf08f9ebb

              SHA256

              3975efa37ac628474324c4a683d0c97022fcbe52b3201141d1ad276547ae2c8b

              SHA512

              906aad3cc7a8156916597e47a44c9c143a305a93295cbea07d52066975eafd42b20c8833d14fdd6d6bfda7ace8230466c397259123df40d1099b855609bd5a12

              Download Submit

            • memory/956-656-0x0000000000C40000-0x0000000001028000-memory.dmp

              Filesize

              3.9MB

              Download

            • memory/956-654-0x0000000000C40000-0x0000000001028000-memory.dmp

              Filesize

              3.9MB

              Download

            • memory/956-13-0x0000000000C40000-0x0000000001028000-memory.dmp

              Filesize

              3.9MB

              Download

            • memory/956-302-0x0000000010000000-0x0000000010051000-memory.dmp

              Filesize

              324KB

              Download

            • memory/956-303-0x00000000064E0000-0x00000000064E3000-memory.dmp

              Filesize

              12KB

              Download