cdd9213c986f4dcc1f2c07f584d564c6a3ba00c9c27fe016bf51fd70ff0ef973

Resubmissions

28-03-2024 13:35

240328-qvvdysfd4s 4

21-03-2024 15:21

240321-srcqvaed68 10

Analysis

max time kernel
146s
max time network
164s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
21-03-2024 15:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoUpdate/Autoupdate.exe
Size

2.8MB
MD5

8ccf980ea54f3605d4360645416ad152
SHA1

99231ce34e0ff68dd417c2246a5ca71d147f96fe
SHA256

40a650cb5d37d6a5b3d8674f50ae3f6e243ac80f595f64d0b72f97854d5f20df
SHA512

644c51032536934bf1ebce9c93e97d201f18fffd21d31fb083853c7084c8fc63a35c02907bf91be0301805103a892c3f03164f5543daa976b22788b364be1a21
SSDEEP

49152:x7L6oPOReVwkTVcXj/SZTLvIkP4qghgZnfw58hG7UB:x7NQeZVcX7aIFqgiZfS

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-399997616-3400990511-967324271-1000\{F2343791-9089-45CA-B96F-B387A8E24D20}	TeraBoxRender.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
2192	Autoupdate.exe
2192	Autoupdate.exe
1564	TeraBox.exe
1564	TeraBox.exe
1564	TeraBox.exe
1564	TeraBox.exe
1880	TeraBoxRender.exe
1880	TeraBoxRender.exe
4136	TeraBoxRender.exe
4136	TeraBoxRender.exe
4392	TeraBoxRender.exe
4392	TeraBoxRender.exe
968	TeraBoxRender.exe
968	TeraBoxRender.exe
864	TeraBoxHost.exe
864	TeraBoxHost.exe
864	TeraBoxHost.exe
864	TeraBoxHost.exe
864	TeraBoxHost.exe
864	TeraBoxHost.exe
1620	TeraBoxRender.exe
1620	TeraBoxRender.exe
2664	TeraBoxRender.exe
2664	TeraBoxRender.exe
2664	TeraBoxRender.exe
2664	TeraBoxRender.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: SeDebugPrivilege	2192	Autoupdate.exe
Token: SeIncreaseQuotaPrivilege	2192	Autoupdate.exe
Token: SeAssignPrimaryTokenPrivilege	2192	Autoupdate.exe
Token: SeManageVolumePrivilege	864	TeraBoxHost.exe
Token: SeBackupPrivilege	864	TeraBoxHost.exe
Token: SeSecurityPrivilege	864	TeraBoxHost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
1564	TeraBox.exe

Suspicious use of SendNotifyMessage 1 IoCs

pid	Process
1564	TeraBox.exe

Suspicious use of WriteProcessMemory 30 IoCs

description	pid	Process	procid_target
PID 1564 wrote to memory of 1880	1564	TeraBox.exe	92
PID 1564 wrote to memory of 1880	1564	TeraBox.exe	92
PID 1564 wrote to memory of 1880	1564	TeraBox.exe	92
PID 1564 wrote to memory of 4136	1564	TeraBox.exe	93
PID 1564 wrote to memory of 4136	1564	TeraBox.exe	93
PID 1564 wrote to memory of 4136	1564	TeraBox.exe	93
PID 1564 wrote to memory of 968	1564	TeraBox.exe	94
PID 1564 wrote to memory of 968	1564	TeraBox.exe	94
PID 1564 wrote to memory of 968	1564	TeraBox.exe	94
PID 1564 wrote to memory of 4392	1564	TeraBox.exe	95
PID 1564 wrote to memory of 4392	1564	TeraBox.exe	95
PID 1564 wrote to memory of 4392	1564	TeraBox.exe	95
PID 1564 wrote to memory of 2216	1564	TeraBox.exe	96
PID 1564 wrote to memory of 2216	1564	TeraBox.exe	96
PID 1564 wrote to memory of 2216	1564	TeraBox.exe	96
PID 1564 wrote to memory of 4104	1564	TeraBox.exe	98
PID 1564 wrote to memory of 4104	1564	TeraBox.exe	98
PID 1564 wrote to memory of 4104	1564	TeraBox.exe	98
PID 1564 wrote to memory of 864	1564	TeraBox.exe	101
PID 1564 wrote to memory of 864	1564	TeraBox.exe	101
PID 1564 wrote to memory of 864	1564	TeraBox.exe	101
PID 1564 wrote to memory of 4340	1564	TeraBox.exe	103
PID 1564 wrote to memory of 4340	1564	TeraBox.exe	103
PID 1564 wrote to memory of 4340	1564	TeraBox.exe	103
PID 1564 wrote to memory of 1620	1564	TeraBox.exe	105
PID 1564 wrote to memory of 1620	1564	TeraBox.exe	105
PID 1564 wrote to memory of 1620	1564	TeraBox.exe	105
PID 1564 wrote to memory of 2664	1564	TeraBox.exe	118
PID 1564 wrote to memory of 2664	1564	TeraBox.exe	118
PID 1564 wrote to memory of 2664	1564	TeraBox.exe	118

C:\Users\Admin\AppData\Local\Temp\AutoUpdate\Autoupdate.exe
"C:\Users\Admin\AppData\Local\Temp\AutoUpdate\Autoupdate.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2192
- C:\Users\Admin\AppData\Local\Temp\TeraBox.exe
  C:\Users\Admin\AppData\Local\Temp\TeraBox.exe NoUpdate
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1564
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2560,12967947381786687121,9453263955540318971,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.30.0.2;PC;PC-Windows;10.0.19041;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=2588 /prefetch:2
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:1880
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2560,12967947381786687121,9453263955540318971,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.30.0.2;PC;PC-Windows;10.0.19041;WindowsTeraBox" --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=2960 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4136
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --field-trial-handle=2560,12967947381786687121,9453263955540318971,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.30.0.2;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Local\Temp\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:968
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --field-trial-handle=2560,12967947381786687121,9453263955540318971,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.30.0.2;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Local\Temp\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4392
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxWebService.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxWebService.exe"
    3⤵
    PID:2216
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe
    -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Local\Temp\kernel.dll" -ChannelName terabox.1564.0.910672923\950368085 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.1.32" -PcGuid "TBIMXV2-O_BE73E4369ECD4CDD9A0AE9A8BD4C0073-C_0-D_QM00013-M_7A73248FA209-V_E2FA2FE3" -Version "1.30.0.2" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
    3⤵
    PID:4104
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe" -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Local\Temp\kernel.dll" -ChannelName terabox.1564.0.910672923\950368085 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.1.32" -PcGuid "TBIMXV2-O_BE73E4369ECD4CDD9A0AE9A8BD4C0073-C_0-D_QM00013-M_7A73248FA209-V_E2FA2FE3" -Version "1.30.0.2" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:864
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe" -PluginId 1501 -PluginPath "C:\Users\Admin\AppData\Local\Temp\module\VastPlayer\VastPlayer.dll" -ChannelName terabox.1564.1.1615850467\1688963292 -QuitEventName TERABOX_VIDEO_PLAY_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.1.32" -PcGuid "TBIMXV2-O_BE73E4369ECD4CDD9A0AE9A8BD4C0073-C_0-D_QM00013-M_7A73248FA209-V_E2FA2FE3" -Version "1.30.0.2" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
    3⤵
    PID:4340
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --field-trial-handle=2560,12967947381786687121,9453263955540318971,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.30.0.2;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Local\Temp\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1620
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2560,12967947381786687121,9453263955540318971,131072 --enable-features=CastMediaRouteProvider --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.30.0.2;PC;PC-Windows;10.0.19041;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=2536 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2664

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AutoUpdate\config.ini

Filesize
164B

MD5
7ad75835d6d839517466414b1adcec95

SHA1
6cf8fc6316f88d76928baa61e04ed53b9e8093b8

SHA256
9f67cdcdadfbc265fe2dbc80d29695551e7e1eb0885efc0367a22e8ae0fe9c7c

SHA512
5bc141fdf59dc0f05b1eb9c44a678baa79034667f0030d3c8b1485b8462ba0161530023a09605b5cff009102b309f601ca14896eb12a7930dd06644b7c29ecae

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_000056

Filesize
196KB

MD5
813c1b41e435242e7365a4bcd7adcf23

SHA1
2d25e1564eaf93455640413b95646b3f88f9075b

SHA256
70cb2151ee4ef83195855d29819491a23c5eafee2e72b7ffd9041b35363d1542

SHA512
268c4fa1797700a205e37e716c1472592ad6242344645c703ab1ab8d4d68452c3ccce7cdc4d56a0b42d4061bdc793f1c79dffc397f038133387b94b2a1f4051e

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
3d49b9d44b6bf53a4ce5f5b66407f73c

SHA1
f477f95baec2d9b06a4ead1182d6dc2157342def

SHA256
4f88f908d8b194dfe3e5e2b49dda4281d013da9f1ba554c144023285f753320f

SHA512
1cd27aa70423cf5a6e372b2eacebe737b570c40eafe54cd9202b6646c6f53952dcb121b13b78db2fb26594ee528a0f36d7501071431275ace6bd41abc1418a7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Code Cache\js\index-dir\the-real-index~RFe58433e.TMP

Filesize
48B

MD5
623863ab302fd4690c9cc9e9be3514d6

SHA1
f99c8570483793c2d53fbaebd6881d8dda4988a6

SHA256
fc330623b60367f12275cde36d2329bfcf44b38eaa4f4763b3ec40ff7b2f8c9b

SHA512
fe1e1b5eb6efe9b9d5c013ce5f3fc17ccdf77b0fa32da60da43db2765e45f30f7f8bb52aecacc3552da9dfa2d3c583814aadd59c9eae747c094248f1e23cfb89

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Network Persistent State

Filesize
1KB

MD5
aa42faf0e85ed8b0d1ef3b62ecd585f9

SHA1
a6fcf44e9474910c39d86f275482140be20b95fc

SHA256
3d7b68e600868b7a21600a38b534227cc59ce97f2c8e2799d07453b4bf657ec1

SHA512
0f21ff322a898beae80a25a13ba73ef160d2dca2f4dec4cff8efc4feb0ec9026dbe015959151448a45bf30d5622714e391e46e084f97f460ebac7ae46e998fd3

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Network Persistent State~RFe58b1a7.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
memory/864-187-0x0000000064DC0000-0x00000000661EC000-memory.dmp

Filesize
20.2MB

Download
memory/864-355-0x0000000000390000-0x0000000000430000-memory.dmp

Filesize
640KB

Download
memory/864-177-0x00000000029A0000-0x00000000029A1000-memory.dmp

Filesize
4KB

Download
memory/864-184-0x00000000029F0000-0x00000000029F1000-memory.dmp

Filesize
4KB

Download
memory/864-179-0x00000000029E0000-0x00000000029E1000-memory.dmp

Filesize
4KB

Download
memory/864-70-0x0000000000390000-0x0000000000430000-memory.dmp

Filesize
640KB

Download
memory/864-196-0x0000000002A00000-0x0000000002A01000-memory.dmp

Filesize
4KB

Download
memory/864-207-0x0000000003160000-0x0000000003161000-memory.dmp

Filesize
4KB

Download
memory/864-71-0x0000000000390000-0x0000000000430000-memory.dmp

Filesize
640KB

Download
memory/864-172-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/864-358-0x0000000064DC0000-0x00000000661EC000-memory.dmp

Filesize
20.2MB

Download
memory/864-356-0x0000000064DC0000-0x00000000661EC000-memory.dmp

Filesize
20.2MB

Download
memory/864-178-0x00000000029B0000-0x00000000029B1000-memory.dmp

Filesize
4KB

Download
memory/1564-353-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/1564-350-0x0000000009EE0000-0x0000000009EE1000-memory.dmp

Filesize
4KB

Download
memory/1564-349-0x0000000000AF0000-0x00000000011D5000-memory.dmp

Filesize
6.9MB

Download
memory/1564-10-0x0000000000AF0000-0x00000000011D5000-memory.dmp

Filesize
6.9MB

Download
memory/1564-31-0x0000000004D80000-0x0000000004D90000-memory.dmp

Filesize
64KB

Download
memory/1564-28-0x0000000009EE0000-0x0000000009EE1000-memory.dmp

Filesize
4KB

Download
memory/4340-274-0x0000000000390000-0x0000000000430000-memory.dmp

Filesize
640KB

Download