Resubmissions

29-02-2024 21:17

240229-z5c24acg6v 10

Analysis

  • max time kernel
    157s
  • max time network
    174s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-02-2024 21:17

General

  • Target

    TeraBox.exe

  • Size

    6.8MB

  • MD5

    bce254dbffa461fd2257839b34b81b15

  • SHA1

    e554d9d8d4775d5b5eb8bb1a2cf1cbedd53b38dc

  • SHA256

    15a8c8ad6f8b99f758b82843d92a110616df6dd71a4c20873817db69e9b5008a

  • SHA512

    3376c40fa1115cffe8da2b7ff2d5b3242d00b6353f0268b3e39abcc72742691e9be2392b0760b74e8a4c722c25e10f816f651082dfefe915a1c7ee2cc1398fcb

  • SSDEEP

    98304:0VvTm0B0w8uOMSdQUpB5hHZVTbJGpkVShIsIM8iKqUU8CJ:gvTm64JMIp5T0kVSXIM8iKbCJ

Score
5/10

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies system certificate store 2 TTPs 8 IoCs
  • Suspicious behavior: EnumeratesProcesses 24 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of WriteProcessMemory 33 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TeraBox.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBox.exe"
    1⤵
    • Checks computer location settings
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2544
    • C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
      "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2484,4925485367856192591,17955865468476897531,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=2624 /prefetch:2
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2664
    • C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
      "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2484,4925485367856192591,17955865468476897531,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=3436 /prefetch:8
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3584
    • C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
      "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --field-trial-handle=2484,4925485367856192591,17955865468476897531,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Local\Temp\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4032
    • C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
      "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --field-trial-handle=2484,4925485367856192591,17955865468476897531,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Local\Temp\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2188
    • C:\Users\Admin\AppData\Local\Temp\TeraBoxWebService.exe
      "C:\Users\Admin\AppData\Local\Temp\TeraBoxWebService.exe"
      2⤵
        PID:368
      • C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe
        -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Local\Temp\kernel.dll" -ChannelName terabox.2544.0.836173310\973394153 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.66" -PcGuid "TBIMXV2-O_04407510BA6140C7A997AA93907DDD32-C_0-D_QM00013-M_7A73248FA209-V_1AE2060A" -Version "1.28.0.3" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
        2⤵
          PID:2612
        • C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe
          "C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe" -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Local\Temp\kernel.dll" -ChannelName terabox.2544.0.836173310\973394153 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.66" -PcGuid "TBIMXV2-O_04407510BA6140C7A997AA93907DDD32-C_0-D_QM00013-M_7A73248FA209-V_1AE2060A" -Version "1.28.0.3" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:4320
        • C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe
          "C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe" -PluginId 1501 -PluginPath "C:\Users\Admin\AppData\Local\Temp\module\VastPlayer\VastPlayer.dll" -ChannelName terabox.2544.1.100622886\1787148203 -QuitEventName TERABOX_VIDEO_PLAY_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.66" -PcGuid "TBIMXV2-O_04407510BA6140C7A997AA93907DDD32-C_0-D_QM00013-M_7A73248FA209-V_1AE2060A" -Version "1.28.0.3" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
          2⤵
            PID:4448
          • C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
            "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --field-trial-handle=2484,4925485367856192591,17955865468476897531,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Local\Temp\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
            2⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:2968
          • C:\Users\Admin\AppData\Local\Temp\AutoUpdate\AutoUpdate.exe
            "C:\Users\Admin\AppData\Local\Temp\AutoUpdate\AutoUpdate.exe" -client_info "C:\Users\Admin\AppData\Local\Temp\TeraBox_status" -update_cfg_url "aHR0cHM6Ly90ZXJhYm94LmNvbS9hdXRvdXBkYXRl" -srvwnd 6021a -unlogin
            2⤵
              PID:5288
            • C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
              "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2484,4925485367856192591,17955865468476897531,131072 --enable-features=CastMediaRouteProvider --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.28.0.3;PC;PC-Windows;10.0.19041;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=4576 /prefetch:2
              2⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:6076
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3976 --field-trial-handle=3084,i,4016110471176367543,14287608422419064331,262144 --variations-seed-version /prefetch:8
            1⤵
              PID:1384

            Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Temp\AutoUpdate\Download\AutoUpdate.xml

              Filesize

              22KB

              MD5

              9829c6f33fab4cfca817101396683384

              SHA1

              4049f1fd48d260fbbb1c263db460a8d0c8519aa8

              SHA256

              2e76b17632034cfe30226199971403c0d86e0224c07979ca4b43cc224cebf1d2

              SHA512

              281a2215afea6f8abbb737ca3cb911fdff003bcb1dd9f2ebd58d7b9a9fffa20c3a2b9afa1cff8f0b2a2fd09bda7ab52616c134a93f0128e4cf8b0f82fea2400a

            • C:\Users\Admin\AppData\Local\Temp\AutoUpdate\Download\MainApp\upgrade_12803_12902.cab

              Filesize

              4.5MB

              MD5

              6d9e09a58ed1b7ac293cb7437464b487

              SHA1

              1e68b1968d78afc13156d3a4d0bea7e32c2cbd32

              SHA256

              2cb213c5d25add29da0ddb892e2ed7faafefe523123331e2edf6405dea5aadf7

              SHA512

              466d8b3ab514ae45f4dba2972f862d394b87aef7b970877119ca3953647fe0b27a3fd12971a7074643e8f6babfb2dcc6f79f922ecfb11d083fd51e7052a199f3

            • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_000095

              Filesize

              195KB

              MD5

              89d79dbf26a3c2e22ddd95766fe3173d

              SHA1

              f38fd066eef4cf4e72a934548eafb5f6abb00b53

              SHA256

              367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

              SHA512

              ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

            • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Code Cache\js\index-dir\the-real-index

              Filesize

              624B

              MD5

              1acce5b79b936397cef2eae4857fe255

              SHA1

              a8801d5f5fd39100980a6598c887fdf108af1abe

              SHA256

              8f173591ec72456106512dbb98c67dc676e27c57d7b52b30c3efa6abc06cb8d8

              SHA512

              421fa0f3b5732d1aac3cb467e506c1837a817d957b421ab2f9746c3f0ddf22714ce955fc1b532e14dfa101f046dd2296cb769e051f5f0e412ea7ca5e28658854

            • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Code Cache\js\index-dir\the-real-index~RFe598e6b.TMP

              Filesize

              48B

              MD5

              60bd11e5d038263b0474da7ac2c140d9

              SHA1

              63acbbf2e6bdb363ffdd1c50bc4239e6d4d4cf9a

              SHA256

              088abbfaab3dd2565ba6dd6ce6fb9b88b0f61237a35e2e9a5f61e19970640d2f

              SHA512

              96ffad50e5360ba0704ea09796e0103f45eec56c166dd4ae98b4aa1490c0fc7c7a4b14d2d33e934207cdbcd10f6f2a4a9fdfb84917f8e828728ded0d1d55fa12

            • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\IndexedDB\https_www.terabox.com_0.indexeddb.leveldb\CURRENT

              Filesize

              16B

              MD5

              46295cac801e5d4857d09837238a6394

              SHA1

              44e0fa1b517dbf802b18faf0785eeea6ac51594b

              SHA256

              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

              SHA512

              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

            • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Network Persistent State

              Filesize

              1KB

              MD5

              d142598d4cef7a86643fdee131d57616

              SHA1

              ce4df711e86b11e955dca0097449b2620bc91a04

              SHA256

              35a853b232dc5b8c503ba4154c3895004601431fe476468d13224cfac13d5f05

              SHA512

              0c9a5b4e28614bd143be7bb9548d7b5e06efb2912ced388068a6ada39479b1b19578643234afae6a4db531c93ea247eed3baaadd681f01eea01060fc16c48d12

            • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Network Persistent State

              Filesize

              59B

              MD5

              78bfcecb05ed1904edce3b60cb5c7e62

              SHA1

              bf77a7461de9d41d12aa88fba056ba758793d9ce

              SHA256

              c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

              SHA512

              2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

            • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Network Persistent State~RFe59354f.TMP

              Filesize

              59B

              MD5

              2800881c775077e1c4b6e06bf4676de4

              SHA1

              2873631068c8b3b9495638c865915be822442c8b

              SHA256

              226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

              SHA512

              e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

            • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\TransportSecurity

              Filesize

              706B

              MD5

              0fd22162e629c99a53fe13cbd94b29bd

              SHA1

              bb6f6a72a6d3270d45767ac70acd8d7da0271019

              SHA256

              6e969f2f0f4d86f1af6b659090aedfc1c73920f9610f29f8860febf29151e9d4

              SHA512

              7d9b64017dabb1e8fb15211ca0bcd28ec29e776fc71cfd852de4981bd5806072af1217ac3719949d38c9f6d93e8bbb0987f954be8a221cacf2dc2aa8e1f49dcc

            • C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\TransportSecurity~RFe593406.TMP

              Filesize

              539B

              MD5

              abdf7fde85c7518e5c046bbe277b750b

              SHA1

              45e59d01d0edc96b4e6e42e81e0e6c5cd48c3cad

              SHA256

              509efc25f76133011a06bc6092b6d4672c11b63cd861b4ca8d7e38591a39e244

              SHA512

              23581e753fb898c4c0ed74db52f9a781e5f970fdeff487431692c1295e1cc0efa703eac22e0209ca7ce1ceaa7cbfd0e86ef35516783020acef4901fdc4ea0c5d

            • C:\Users\Admin\AppData\Local\Temp\TeraBox_status

              Filesize

              113B

              MD5

              5e07a2700816d7a9fc2e4e6a8bacc1f3

              SHA1

              d13a39609a0b9be347fcdcdcf6f438e02bc0a33c

              SHA256

              b8168c096e17041373f54f5d77f0da9ef63a60f66f8e2ad148a4b30701001ac4

              SHA512

              2e15a3f02dbac60d1c21bf938a5b3faf0b8a52135311d4788c4a105af22d8c613740d2cfb45359eb3114d805060de319c5ed6ca2a70a95aca59a71779ff387b5

            • memory/2544-56-0x00000000003F0000-0x0000000000AD4000-memory.dmp

              Filesize

              6.9MB

            • memory/2544-23-0x00000000048D0000-0x00000000048E0000-memory.dmp

              Filesize

              64KB

            • memory/2544-22-0x000000000AB80000-0x000000000AB81000-memory.dmp

              Filesize

              4KB

            • memory/2544-496-0x00000000048D0000-0x00000000048E0000-memory.dmp

              Filesize

              64KB

            • memory/2544-493-0x000000000AB80000-0x000000000AB81000-memory.dmp

              Filesize

              4KB

            • memory/2544-10-0x00000000003F0000-0x0000000000AD4000-memory.dmp

              Filesize

              6.9MB

            • memory/4320-437-0x0000000003940000-0x0000000003941000-memory.dmp

              Filesize

              4KB

            • memory/4320-432-0x0000000003080000-0x0000000003081000-memory.dmp

              Filesize

              4KB

            • memory/4320-436-0x0000000003930000-0x0000000003931000-memory.dmp

              Filesize

              4KB

            • memory/4320-433-0x00000000038E0000-0x00000000038E1000-memory.dmp

              Filesize

              4KB

            • memory/4320-434-0x0000000003920000-0x0000000003921000-memory.dmp

              Filesize

              4KB

            • memory/4320-435-0x00000000656C0000-0x0000000066AEC000-memory.dmp

              Filesize

              20.2MB

            • memory/4320-431-0x0000000003070000-0x0000000003071000-memory.dmp

              Filesize

              4KB

            • memory/4320-440-0x0000000003950000-0x0000000003951000-memory.dmp

              Filesize

              4KB

            • memory/4320-179-0x0000000000270000-0x0000000000310000-memory.dmp

              Filesize

              640KB

            • memory/4320-518-0x0000000000270000-0x0000000000310000-memory.dmp

              Filesize

              640KB

            • memory/4320-522-0x00000000656C0000-0x0000000066AEC000-memory.dmp

              Filesize

              20.2MB

            • memory/4320-194-0x0000000000270000-0x0000000000310000-memory.dmp

              Filesize

              640KB

            • memory/4448-394-0x0000000000270000-0x0000000000310000-memory.dmp

              Filesize

              640KB

            • memory/4448-395-0x0000000000270000-0x0000000000310000-memory.dmp

              Filesize

              640KB