09e65a661e85c3a3ab0e848809e44f20332b9f46cf5da364c7c8d3992c957f85

Analysis

max time kernel
143s
max time network
155s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
06-06-2024 14:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AutoUpdate/Autoupdate.exe
Size

2.8MB
MD5

94c5b0443f1c39b71b22931509bf1985
SHA1

35cb27275187b8c0da72d00b8551aaf2c1059794
SHA256

7260c2623c4277b045d97e87a677d41bbfd11647109a4d648c311310889cebfb
SHA512

a08a897095239f367c51b36724f54aa961420e07f76185075902efd7ee023eb8f0a6c8b49769158fbf9372377028182515995b0ac0b7277e12a2640a3e6a3721
SSDEEP

49152:57L6oPOReVwkTVcXj/SZTLvIkP4qgh7Xufw58hG7UB:57NQeZVcX7aIFqgtX8S

Score

1^/10

Malware Config

Signatures

Modifies registry class 1 IoCs

Processes:

TeraBoxRender.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4124900551-4068476067-3491212533-1000\{AE801D1F-C6A8-4AE9-BDCF-76CD39D61CDC}	TeraBoxRender.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

Processes:

Autoupdate.exeTeraBox.exeTeraBoxRender.exeTeraBoxRender.exeTeraBoxRender.exeTeraBoxRender.exeTeraBoxHost.exeTeraBoxRender.exeTeraBoxRender.exe

pid	process
4968	Autoupdate.exe
4968	Autoupdate.exe
1456	TeraBox.exe
1456	TeraBox.exe
1456	TeraBox.exe
1456	TeraBox.exe
2892	TeraBoxRender.exe
2892	TeraBoxRender.exe
2592	TeraBoxRender.exe
2592	TeraBoxRender.exe
1360	TeraBoxRender.exe
1360	TeraBoxRender.exe
2008	TeraBoxRender.exe
2008	TeraBoxRender.exe
224	TeraBoxHost.exe
224	TeraBoxHost.exe
224	TeraBoxHost.exe
224	TeraBoxHost.exe
224	TeraBoxHost.exe
224	TeraBoxHost.exe
1356	TeraBoxRender.exe
1356	TeraBoxRender.exe
4428	TeraBoxRender.exe
4428	TeraBoxRender.exe
4428	TeraBoxRender.exe
4428	TeraBoxRender.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

Autoupdate.exeTeraBoxHost.exe

description	pid	process
Token: SeDebugPrivilege	4968	Autoupdate.exe
Token: SeIncreaseQuotaPrivilege	4968	Autoupdate.exe
Token: SeAssignPrimaryTokenPrivilege	4968	Autoupdate.exe
Token: SeManageVolumePrivilege	224	TeraBoxHost.exe
Token: SeBackupPrivilege	224	TeraBoxHost.exe
Token: SeSecurityPrivilege	224	TeraBoxHost.exe

Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

TeraBox.exe

pid process

1456 TeraBox.exe
Suspicious use of SendNotifyMessage 1 IoCs

Processes:

TeraBox.exe

pid process

1456 TeraBox.exe

pid	process
1456	TeraBox.exe

pid	process
1456	TeraBox.exe

Suspicious use of WriteProcessMemory 30 IoCs

Processes:

TeraBox.exe

description	pid	process	target process
PID 1456 wrote to memory of 2892	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 2892	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 2892	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 2592	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 2592	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 2592	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 2008	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 2008	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 2008	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 1360	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 1360	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 1360	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 2032	1456	TeraBox.exe	TeraBoxWebService.exe
PID 1456 wrote to memory of 2032	1456	TeraBox.exe	TeraBoxWebService.exe
PID 1456 wrote to memory of 2032	1456	TeraBox.exe	TeraBoxWebService.exe
PID 1456 wrote to memory of 4696	1456	TeraBox.exe	TeraBoxHost.exe
PID 1456 wrote to memory of 4696	1456	TeraBox.exe	TeraBoxHost.exe
PID 1456 wrote to memory of 4696	1456	TeraBox.exe	TeraBoxHost.exe
PID 1456 wrote to memory of 224	1456	TeraBox.exe	TeraBoxHost.exe
PID 1456 wrote to memory of 224	1456	TeraBox.exe	TeraBoxHost.exe
PID 1456 wrote to memory of 224	1456	TeraBox.exe	TeraBoxHost.exe
PID 1456 wrote to memory of 1356	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 1356	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 1356	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 2212	1456	TeraBox.exe	TeraBoxHost.exe
PID 1456 wrote to memory of 2212	1456	TeraBox.exe	TeraBoxHost.exe
PID 1456 wrote to memory of 2212	1456	TeraBox.exe	TeraBoxHost.exe
PID 1456 wrote to memory of 4428	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 4428	1456	TeraBox.exe	TeraBoxRender.exe
PID 1456 wrote to memory of 4428	1456	TeraBox.exe	TeraBoxRender.exe

C:\Users\Admin\AppData\Local\Temp\AutoUpdate\Autoupdate.exe
"C:\Users\Admin\AppData\Local\Temp\AutoUpdate\Autoupdate.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4968
- C:\Users\Admin\AppData\Local\Temp\TeraBox.exe
  C:\Users\Admin\AppData\Local\Temp\TeraBox.exe NoUpdate
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1456
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2468,14017324429756845647,13924486654877330161,131072 --enable-features=CastMediaRouteProvider --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.31.0.1;PC;PC-Windows;10.0.19041;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=2596 /prefetch:2
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2892
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2468,14017324429756845647,13924486654877330161,131072 --enable-features=CastMediaRouteProvider --lang=en-US --service-sandbox-type=network --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.31.0.1;PC;PC-Windows;10.0.19041;WindowsTeraBox" --lang=en-US --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=2964 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2592
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --field-trial-handle=2468,14017324429756845647,13924486654877330161,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.31.0.1;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Local\Temp\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4172 /prefetch:1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2008
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --field-trial-handle=2468,14017324429756845647,13924486654877330161,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.31.0.1;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Local\Temp\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1360
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxWebService.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxWebService.exe"
    3⤵
    PID:2032
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe
    -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Local\Temp\kernel.dll" -ChannelName terabox.1456.0.2133911136\621764453 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.102" -PcGuid "TBIMXV2-O_1DCCDF3882C648D2A2E85E5BD9FD6A1F-C_0-D_DD00013-M_46FD0705B728-V_55AEFB98" -Version "1.31.0.1" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
    3⤵
    PID:4696
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe" -PluginId 1502 -PluginPath "C:\Users\Admin\AppData\Local\Temp\kernel.dll" -ChannelName terabox.1456.0.2133911136\621764453 -QuitEventName TERABOX_KERNEL_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.102" -PcGuid "TBIMXV2-O_1DCCDF3882C648D2A2E85E5BD9FD6A1F-C_0-D_DD00013-M_46FD0705B728-V_55AEFB98" -Version "1.31.0.1" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:224
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=renderer --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --field-trial-handle=2468,14017324429756845647,13924486654877330161,131072 --enable-features=CastMediaRouteProvider --lang=en-US --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.31.0.1;PC;PC-Windows;10.0.19041;WindowsTeraBox" --disable-extensions --ppapi-flash-path="C:\Users\Admin\AppData\Local\Temp\pepflashplayer.dll" --ppapi-flash-version=20.0.0.306 --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1356
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxHost.exe" -PluginId 1501 -PluginPath "C:\Users\Admin\AppData\Local\Temp\module\VastPlayer\VastPlayer.dll" -ChannelName terabox.1456.1.793293455\982617900 -QuitEventName TERABOX_VIDEO_PLAY_SDK_997C8EFA-C5ED-47A0-A6A8-D139CD6017F4 -TeraBoxId "" -IP "10.127.0.102" -PcGuid "TBIMXV2-O_1DCCDF3882C648D2A2E85E5BD9FD6A1F-C_0-D_DD00013-M_46FD0705B728-V_55AEFB98" -Version "1.31.0.1" -DiskApiHttps 0 -StatisticHttps 0 -ReportCrash 1
    3⤵
    PID:2212
- - C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe
    "C:\Users\Admin\AppData\Local\Temp\TeraBoxRender.exe" --type=gpu-process --field-trial-handle=2468,14017324429756845647,13924486654877330161,131072 --enable-features=CastMediaRouteProvider --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-sandbox --locales-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres\locales" --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --log-severity=disable --resources-dir-path="C:\Users\Admin\AppData\Local\Temp\browserres" --user-agent="Mozilla/5.0; (Windows NT 10.0; WOW64); AppleWebKit/537.36; (KHTML, like Gecko); Chrome/86.0.4240.198; Safari/537.36; terabox;1.31.0.1;PC;PC-Windows;10.0.19041;WindowsTeraBox" --lang=en-US --gpu-preferences=MAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAIAAAQAAAAAAAAAAAAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAA= --log-file="C:\Users\Admin\AppData\Local\Temp\debug.log" --mojo-platform-channel-handle=4836 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4428

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\AutoUpdate\config.ini

Filesize
164B

MD5
f093b6190b892e9491a011be9e51ac4f

SHA1
ad3207adf3ac923af833603cf07e90418f0f17f6

SHA256
04ee34b57dedf6fc06eddd5f52e51750ade1a208fae50b7aa7bc98ff8be04213

SHA512
b71d7b7849588640f5f6f8a8aabc505ec9ff5147ed6cbc355f5496834915d1e7898fbe95795face04a832c3f433ca804395acc7a5ffff03f74617631aaf1dc81

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Cache\f_000055

Filesize
207KB

MD5
e955953b801c04327c1e96c67dd3c618

SHA1
f9061d3780f153e863478106bf1afd85132bccb0

SHA256
e8965a2d52ef25918ebee58ab6971745d396177a7943acf1ed53a65bb4dddd45

SHA512
6318ff1eb838954dd73dab5ed891d47f4f39089fa5e899d30183c32269c5620bd09d169af4cf8303e3d5c2ebab23cfe9ae5d9fa5c3281023abb009f66a25782a

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
1d2da5d48fe29ed50f11f26cd7a2c9d1

SHA1
4bb7decbd06ae0cc58cdddd0330c11d1c00128f3

SHA256
1e806c7736903e918d0ce911be7b999725eae8bd430528fbfd1895b4b63e1e08

SHA512
75397ea7989d062c79e4572daf190772dad28fd24047c96bff83f032202bf2948e9aeb963052f73352ebc9c7e9da345fd1a68ec93cf54addf183cc85dec566c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Code Cache\js\index-dir\the-real-index~RFe5829bb.TMP

Filesize
48B

MD5
5d1cc2ef69bc2dbc6fa6a44c23f5ec2a

SHA1
02f4c09af54c7c653dc1c56795b55a67ae784089

SHA256
d128b38e1e278874d1acb76f794002965c5fbb37f10c2e29fc16b2376492f85a

SHA512
65f80160f9ae1121bfa8bd8c30c31ea7c272e1b47a38bcd423bea6ccd14155fb87c979ca5c859d476cdc752a3d6ca9c02fec4435b24e28a42b5c2263b8590389

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\IndexedDB\https_www.terabox.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Network Persistent State

Filesize
1KB

MD5
219f1cb7cb252ef3de44e2939fab2b48

SHA1
aa1a83368b6bbc69d294d7ac3089f3873135fd42

SHA256
5751738e77c360a56a145eda41ab3ed9ddb3345fc28db459601c5391e3cb3228

SHA512
9a39ff3707929f39affc3487f41a4ea6d050a96afc021b37e656c74465a739aba9b6851c6b7735711ca22e6ffd86494210e86a5a2a4592e4c7972cbe175059eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\TeraBox\browsercache\Network Persistent State~RFe589083.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
memory/224-274-0x0000000003230000-0x0000000003231000-memory.dmp

Filesize
4KB

Download
memory/224-270-0x00000000010F0000-0x00000000010F1000-memory.dmp

Filesize
4KB

Download
memory/224-269-0x00000000010E0000-0x00000000010E1000-memory.dmp

Filesize
4KB

Download
memory/224-276-0x0000000003240000-0x0000000003241000-memory.dmp

Filesize
4KB

Download
memory/224-277-0x00000000653D0000-0x00000000667FC000-memory.dmp

Filesize
20.2MB

Download
memory/224-271-0x0000000001100000-0x0000000001101000-memory.dmp

Filesize
4KB

Download
memory/224-272-0x0000000001110000-0x0000000001111000-memory.dmp

Filesize
4KB

Download
memory/224-273-0x0000000003220000-0x0000000003221000-memory.dmp

Filesize
4KB

Download
memory/1456-350-0x0000000000E60000-0x00000000014C1000-memory.dmp

Filesize
6.4MB

Download
memory/1456-10-0x0000000000E6A000-0x0000000000E6B000-memory.dmp

Filesize
4KB

Download
memory/1456-30-0x0000000000E60000-0x00000000014C1000-memory.dmp

Filesize
6.4MB

Download