gcleaner | b434527e3f55425dc624118395ee28b4725e81464863dfd15d175dd74fbd9a6a

Resubmissions

02-09-2024 02:19

240902-crxs1syfmm 10

07-07-2024 21:02

240707-zvllgsyaqp 10

01-07-2024 21:37

240701-1gjemsverk 10

Analysis

max time kernel
299s
max time network
307s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
07-07-2024 21:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4363463463464363463463463.exe
Size

10KB
MD5

2a94f3960c58c6e70826495f76d00b85
SHA1

e2a1a5641295f5ebf01a37ac1c170ac0814bb71a
SHA256

2fcad226b17131da4274e1b9f8f31359bdd325c9568665f08fd1f6c5d06a23ce
SHA512

fbf55b55fcfb12eb8c029562956229208b9e8e2591859d6336c28a590c92a4d0f7033a77c46ef6ebe07ddfca353aba1e84b51907cd774beab148ee901c92d62f
SSDEEP

192:xlwayyHOXGc20L7BIW12n/ePSjiTlzkGu8stYcFwVc03KY:xlwwHe/20PKn/cLTlHuptYcFwVc03K

Score

10^/10

gcleaner loader

Malware Config

Extracted

Family

gcleaner

185.172.128.90

185.172.128.69

Attributes

url_path
/advdlc.php

Signatures

GCleaner
GCleaner is a Pay-Per-Install malware loader first discovered in early 2019.
loader gcleaner
Downloads MZ/PE file
Executes dropped EXE 3 IoCs

Processes:

net.exeasdfg.exeinte.exe

pid process

2880 net.exe
224 asdfg.exe
904 inte.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

1 raw.githubusercontent.com
31 raw.githubusercontent.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Delays execution with timeout.exe 1 IoCs
evasion

Processes:

timeout.exe

pid process

736 timeout.exe
Kills process with taskkill 2 IoCs
evasion

Processes:

taskkill.exetaskkill.exe

pid process

4616 taskkill.exe
2320 taskkill.exe
Runs net.exe
Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

4363463463464363463463463.exenet.exeasdfg.exe

description pid process

Token: SeDebugPrivilege 1136 4363463463464363463463463.exe
Token: SeDebugPrivilege 2880 net.exe
Token: SeDebugPrivilege 224 asdfg.exe

pid	process
2880	net.exe
224	asdfg.exe
904	inte.exe

flow	ioc
1	raw.githubusercontent.com
31	raw.githubusercontent.com

pid	process
736	timeout.exe

pid	process
4616	taskkill.exe
2320	taskkill.exe

description	pid	process
Token: SeDebugPrivilege	1136	4363463463464363463463463.exe
Token: SeDebugPrivilege	2880	net.exe
Token: SeDebugPrivilege	224	asdfg.exe

Suspicious use of WriteProcessMemory 9 IoCs

Processes:

4363463463464363463463463.exe

description	pid	process	target process
PID 1136 wrote to memory of 2880	1136	4363463463464363463463463.exe	net.exe
PID 1136 wrote to memory of 2880	1136	4363463463464363463463463.exe	net.exe
PID 1136 wrote to memory of 2880	1136	4363463463464363463463463.exe	net.exe
PID 1136 wrote to memory of 224	1136	4363463463464363463463463.exe	asdfg.exe
PID 1136 wrote to memory of 224	1136	4363463463464363463463463.exe	asdfg.exe
PID 1136 wrote to memory of 224	1136	4363463463464363463463463.exe	asdfg.exe
PID 1136 wrote to memory of 904	1136	4363463463464363463463463.exe	inte.exe
PID 1136 wrote to memory of 904	1136	4363463463464363463463463.exe	inte.exe
PID 1136 wrote to memory of 904	1136	4363463463464363463463463.exe	inte.exe

C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe
"C:\Users\Admin\AppData\Local\Temp\4363463463464363463463463.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1136

C:\Users\Admin\AppData\Local\Temp\Files\net.exe
"C:\Users\Admin\AppData\Local\Temp\Files\net.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2880

C:\Users\Admin\AppData\Local\Temp\Files\asdfg.exe
"C:\Users\Admin\AppData\Local\Temp\Files\asdfg.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:224

C:\Users\Admin\AppData\Local\Temp\Files\inte.exe
"C:\Users\Admin\AppData\Local\Temp\Files\inte.exe"
2⤵
- Executes dropped EXE
PID:904

C:\Users\Admin\AppData\Roaming\muAKh1yzqVd\lmcc4N7bVsM.exe
"C:\Users\Admin\AppData\Roaming\muAKh1yzqVd\lmcc4N7bVsM.exe"
3⤵
PID:2844

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /im "inte.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\Files\inte.exe" & exit
3⤵
PID:3128

C:\Windows\SysWOW64\taskkill.exe
taskkill /im "inte.exe" /f
4⤵
- Kills process with taskkill
PID:4616

C:\Users\Admin\AppData\Local\Temp\Files\zxcvb.exe
"C:\Users\Admin\AppData\Local\Temp\Files\zxcvb.exe"
2⤵
PID:3300

C:\Users\Admin\AppData\Local\Temp\Files\univ.exe
"C:\Users\Admin\AppData\Local\Temp\Files\univ.exe"
2⤵
PID:3632

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe" /c taskkill /im "univ.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\Files\univ.exe" & exit
3⤵
PID:3008

C:\Windows\SysWOW64\taskkill.exe
taskkill /im "univ.exe" /f
4⤵
- Kills process with taskkill
PID:2320

C:\Users\Admin\AppData\Local\Temp\Files\cp.exe
"C:\Users\Admin\AppData\Local\Temp\Files\cp.exe"
2⤵
PID:2156

C:\Users\Admin\AppData\Local\Temp\Files\native.exe
"C:\Users\Admin\AppData\Local\Temp\Files\native.exe"
2⤵
PID:1860

C:\Users\Admin\AppData\Local\Temp\Files\ama.exe
"C:\Users\Admin\AppData\Local\Temp\Files\ama.exe"
2⤵
PID:2664

C:\Users\Admin\AppData\Local\Temp\Files\ma.exe
"C:\Users\Admin\AppData\Local\Temp\Files\ma.exe"
2⤵
PID:4060

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpE8CB.tmp.bat""
3⤵
PID:4528

C:\Windows\system32\timeout.exe
timeout 3
4⤵
- Delays execution with timeout.exe
PID:736

C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe
"C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe"
4⤵
PID:3480

C:\Users\Admin\AppData\Local\Temp\Files\cayV0Deo9jSt417.exe
"C:\Users\Admin\AppData\Local\Temp\Files\cayV0Deo9jSt417.exe"
2⤵
PID:4252

C:\Windows\SysWOW64\clip.exe
"C:\Windows\SysWOW64\clip.exe"
3⤵
PID:3524

C:\Users\Admin\AppData\Roaming\System32\taskhost.exe
"C:\Users\Admin\AppData\Roaming\System32\taskhost.exe"
4⤵
PID:928

C:\Users\Admin\AppData\Local\Temp\Files\ghjkl.exe
"C:\Users\Admin\AppData\Local\Temp\Files\ghjkl.exe"
2⤵
PID:2416

C:\Users\Admin\AppData\Local\Temp\Files\NBYS%20ASM.NET.exe
"C:\Users\Admin\AppData\Local\Temp\Files\NBYS%20ASM.NET.exe"
2⤵
PID:1588

C:\Users\Admin\AppData\Local\Temp\Files\quickaccesspopup.exe
"C:\Users\Admin\AppData\Local\Temp\Files\quickaccesspopup.exe"
2⤵
PID:4204

C:\Users\Admin\AppData\Local\Temp\One_Dragon_Center\MSI.CentralServer.exe
C:\Users\Admin\AppData\Local\Temp\One_Dragon_Center\MSI.CentralServer.exe
1⤵
PID:4844

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe
Filesize
1.6MB

MD5
38b8f3fdb091051aa22cfe6612f6b78c

SHA1
82b87a4bc741b5266ae1f34909796f7d6c7ec3a5

SHA256
d2df61b5b53715d6a6dc55ea69d5f92a72f1768c5b872248e0ceffe3ef5485d2

SHA512
728b7062f02263ce84c10ff499db445cf75c8293ab7d06433445b36b78a936cb4b9926c4e132164cf37abbce3e20336313ceb769fa7645a156b0954fe6f1dde2

Download Submit
C:\ProgramData\SystemPropertiesDataExecutionPrevention\.exe
Filesize
1.8MB

MD5
74b88066c8cc9b8733c975a92a2babcc

SHA1
27930f08d2f29a41a0e29575197a1b1aef105720

SHA256
66d8e4dae6b16996a9812f1816ffe5c36530c5a2351a01bcac9f457fd1239ef4

SHA512
8314b6ee349e7e1e272923f6d9f94ebecaf44e63aada9b516264f7da50c7bc538a2d7c9a540c1bc6b2585953aa7dbfe60d5f0cdb42e5b9c61ff4b579aeea77c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\NBYS%20ASM.NET.exe
Filesize
644KB

MD5
826879314a9d122eef6cecd118c99baa

SHA1
1246f26eea2e0499edf489a5f7e06c6e4de989f6

SHA256
0e8b9e2c001983dbf72bf112931234c252ffbf41f8fe7b613f68f1dc922e3ec9

SHA512
20930a3e0e73bd05d0c117d5dd3fbf6ebdf27abe0a2216a4188baefc7d30d654e7fb63e00cc963e4c71505ab4e51d12e33eeff7b03aae55147429c34cd1e1f0e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\ama.exe
Filesize
1.4MB

MD5
04055601abbd16ec6cc9e02450c19381

SHA1
420bd7c7cad59f1b7cdd2c8a64282ef6f06cfe6e

SHA256
b7620bff5539ff22c251c32e62961beae4f5a91b0f6c73dde1a7da941b93fe13

SHA512
826c13cf6a37c561fb9052b3a0a7424df7d2fe424fe8c3783440c4483aa46a2cf1e4c275c7c080a130e178c7ac3221bb9224126ef4ab0bee38c24b12fa2a70ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\cayV0Deo9jSt417.exe
Filesize
958KB

MD5
aa3cdd5145d9fb980c061d2d8653fa8d

SHA1
de696701275b01ddad5461e269d7ab15b7466d6a

SHA256
41376827ba300374727d29048920ca2a2d9f20b929e964098181981581e47af2

SHA512
4be32b5e9eaffa8d3f4cce515717faa6259373e8dbd258b9ebc2534fd0b62aaa7043093204e43627983fe332f63d8f998a90dc1cbb74f54a18c55f67e42a8a32

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\cp.exe
Filesize
1.8MB

MD5
97256cf11c9109c24fde65395fef1306

SHA1
e60278d8383912f03f25e3f92bf558e2a33f229d

SHA256
21c23083404349dbc8e7094338acaa07ea5a7e3a442bb81a528e06c175b8d934

SHA512
41e9c7911c1f461ec389ac9d430898bd9e21accf6b4291d30c4e743084bb19c2ae9279597f4a43cfaec621263cb135c3ada21e23e27cc7961c794fa499910c6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\inte.exe
Filesize
176KB

MD5
0da0d1efee859f1fe9cbd3bf5b428af6

SHA1
90d3d7808ef27aac585a8538bade43d9df03c3fc

SHA256
21382b6a3f31731282f1c2801626f85ac4eb2c9f9b2c02921ccb4f7ec2fef295

SHA512
7968b654b5eca0267601126b4b25b6f70a4e85df873e296d1dfffe99ef8f76262603f730f2c483592a18522488aeb87aac891346395a0eb651e3eaa648e49ba7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\ma.exe
Filesize
5.0MB

MD5
a3fb2b623f4490ae1979fea68cfe36d6

SHA1
34bec167e0f95ecc36761f77c93c1229c2c5d1f4

SHA256
3bc9c1d7f87f71c9e98fac63c2f10d2651f51848082a85d6b3550649e4289d56

SHA512
370b23364bcf8f07aa951c1c6a9d6b03b516db8fd7444d25087ad8071c54bb06fd50ce311a205e0770211167728d86516e934a39a606f0bf0c9fbdd13dca7912

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\net.exe
Filesize
5.4MB

MD5
a2a9c309c5300a53d2c2fc41b71b174b

SHA1
f6c26eae1925425fa8966266e87a57b688fad218

SHA256
7ccfae8644c3bc7439b88f2dc0de06bb5082de09b0bf5e143de17487ff252224

SHA512
a29eec8fa98174a74e9bd93c5902cdd95ce329ff8b7a1469901a95705dc1d7fffde58afa296399febb8559d8cd73c932945e85cce8af54e7a672d8f1618e3f7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\quickaccesspopup.exe
Filesize
768KB

MD5
2f4efae070860cbd4b30f68c3bac8a21

SHA1
79c03e7fcd11268f2aa142a425950737938435de

SHA256
8b1a426c90d3fca327c745815473c8e5d81eed021a66bf682729432631aca9b9

SHA512
037dfb2971437ff5f5b559e914a4b45f316111ebf8463b0b03d42404716a73c28b37eea5de30b500eb739196aa1b5db91a094043d382f0607d437d7990a3257b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Files\univ.exe
Filesize
234KB

MD5
217b817f890ef7fc49dc9207d55d2a01

SHA1
c25b4b908a3f7e2ebc24a837fc311f2cba168447

SHA256
4952bdcedd7e1b79a220f6aa4e60e8161e5b18a6dc587c14f98052be633df538

SHA512
f54cf892bdadc0a899a6f636c11c098c4d4137504246bcd23a5a43ba334669ceec36fd920d635d053e5e38f5225cdf50bf5745dc2994b0f67f3c91550a525082

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpE8CB.tmp.bat
Filesize
168B

MD5
3d14d6d476e2651550b23e711b80d80c

SHA1
89d3bf9c2954bd08a63adf228ffd060fa3015ed3

SHA256
ee98323e8a1f8cbf51b0aaa73870938f7c602e899135e3cd96de149ee84ecada

SHA512
7eca98f4bd65c2cad6151687393db6732dfbb9ba31791326b652936f2b3719d36526dcbd91e213855476e525a8642a2b105d781279650ea021cee0764ad1873e

Download Submit
C:\Users\Admin\AppData\Roaming\System32\taskhost.exe
Filesize
24KB

MD5
18ad682a1f96f3faf44b4a92bba4cee8

SHA1
baa12e51e501f52948e5321e5ad05a6c9e75067f

SHA256
e840540406079c00b18cab60c62a95e5a884b762ef4c93e9a25af2829ec6ff88

SHA512
f6b36b0da36437b36065c26abc8886de2572b7cada844137eb431e2f6266157ab7fa3fed0efb6846d0cfebe0f9a9c62a583df8d02cd102f7a9e5afa448c8fed6

Download Submit
C:\Users\Admin\AppData\Roaming\muAKh1yzqVd\lmcc4N7bVsM.exe
Filesize
4KB

MD5
f328a95046e3a2514c36347eaec911c0

SHA1
8ec9c18384ca1e08a397bf7b3d46b6d784669ef0

SHA256
d55e86610dcad29c3d2857d9dae91aa51228b1fa001ea2d7bda88b9a2b5570a9

SHA512
2fc3621433c5da3dcb5b9d9133cd9d63d8f53fd60c81ddab8b83bad60efb98942fc38a63dfa98edfc8358c8e4e345a7ec8fa3aa14c18d4337cdd90ea0aed4718

Download Submit
memory/224-79-0x0000000074840000-0x0000000074FF1000-memory.dmp

Filesize
7.7MB

Download
memory/224-14612-0x0000000074840000-0x0000000074FF1000-memory.dmp

Filesize
7.7MB

Download
memory/224-4899-0x0000000074840000-0x0000000074FF1000-memory.dmp

Filesize
7.7MB

Download
memory/224-14927-0x0000000008060000-0x0000000008410000-memory.dmp

Filesize
3.7MB

Download
memory/1136-3-0x0000000074840000-0x0000000074FF1000-memory.dmp

Filesize
7.7MB

Download
memory/1136-0-0x000000007484E000-0x000000007484F000-memory.dmp

Filesize
4KB

Download
memory/1136-1-0x0000000000530000-0x0000000000538000-memory.dmp

Filesize
32KB

Download
memory/1136-2-0x0000000005020000-0x00000000050BC000-memory.dmp

Filesize
624KB

Download
memory/1136-5-0x0000000074840000-0x0000000074FF1000-memory.dmp

Filesize
7.7MB

Download
memory/1136-4-0x000000007484E000-0x000000007484F000-memory.dmp

Filesize
4KB

Download
memory/1588-12170-0x0000000008360000-0x00000000083B6000-memory.dmp

Filesize
344KB

Download
memory/1588-11472-0x0000000000180000-0x0000000000228000-memory.dmp

Filesize
672KB

Download
memory/1588-11681-0x0000000007E50000-0x0000000008082000-memory.dmp

Filesize
2.2MB

Download
memory/1588-13842-0x0000000009680000-0x000000000974E000-memory.dmp

Filesize
824KB

Download
memory/1588-12169-0x0000000008080000-0x000000000808A000-memory.dmp

Filesize
40KB

Download
memory/1588-13841-0x000000000B010000-0x000000000B367000-memory.dmp

Filesize
3.3MB

Download
memory/2844-4983-0x00000000002C0000-0x00000000002C8000-memory.dmp

Filesize
32KB

Download
memory/2880-40-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-59-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-76-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-82-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-90-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-101-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-102-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-64-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-96-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-98-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-95-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-92-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-89-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-86-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-70-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-85-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-3719-0x0000000074840000-0x0000000074FF1000-memory.dmp

Filesize
7.7MB

Download
memory/2880-62-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-23-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-68-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-57-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-72-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-26-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-32-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-18-0x0000000074840000-0x0000000074FF1000-memory.dmp

Filesize
7.7MB

Download
memory/2880-44-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-17-0x0000000000F90000-0x0000000001508000-memory.dmp

Filesize
5.5MB

Download
memory/2880-19-0x0000000007170000-0x00000000076E4000-memory.dmp

Filesize
5.5MB

Download
memory/2880-20-0x00000000065F0000-0x0000000006B96000-memory.dmp

Filesize
5.6MB

Download
memory/2880-21-0x0000000006040000-0x00000000060D2000-memory.dmp

Filesize
584KB

Download
memory/2880-45-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-47-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-42-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-37-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-35-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-34-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-29-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-27-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/2880-22-0x0000000007170000-0x00000000076DE000-memory.dmp

Filesize
5.4MB

Download
memory/4060-9566-0x0000000000F20000-0x0000000001424000-memory.dmp

Filesize
5.0MB

Download
memory/4252-10885-0x00000000052B0000-0x0000000005356000-memory.dmp

Filesize
664KB

Download
memory/4252-10438-0x0000000000010000-0x0000000000106000-memory.dmp

Filesize
984KB

Download
memory/4252-10439-0x0000000004890000-0x0000000004898000-memory.dmp

Filesize
32KB

Download
memory/4252-10440-0x00000000048D0000-0x00000000048EA000-memory.dmp

Filesize
104KB

Download