15478914f5dc92f2dd3185be7655d0068dbb82a599f01e71a6947263b57c4812

Analysis

max time kernel
147s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
08/07/2024, 22:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

rtflib.exe
Size

22KB
MD5

f392b45bd2a468647ef8d4230f45c132
SHA1

786e8c5b01e07c52b68585e80bcda3cf865c33c9
SHA256

6c4c1d409fbd9a7a33f912317e665c1adaa5e254ecccc0ece8af8fd25597abc6
SHA512

c6120f81aa32c09a337fda70cacffb92a213b37e5d9d9882829f9ca6090d816080e008d6e6cbf0beb18af590f02feb0ed781b8e0eb382010877507c829e7d94b
SSDEEP

384:zkfCtNKvzHR+zZxhKzB+vU+V7qB8wuNb0nMzwBaxkNXvDEZZd6yW:Qm0Bk9V78uV0nRLEN6

Score

3^/10

Malware Config

Signatures

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2788	msedge.exe
2788	msedge.exe
4856	msedge.exe
4856	msedge.exe
4588	identity_helper.exe
4588	identity_helper.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe
3840	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 404 wrote to memory of 4856	404	rtflib.exe	87
PID 404 wrote to memory of 4856	404	rtflib.exe	87
PID 4856 wrote to memory of 3228	4856	msedge.exe	88
PID 4856 wrote to memory of 3228	4856	msedge.exe	88
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 1516	4856	msedge.exe	89
PID 4856 wrote to memory of 2788	4856	msedge.exe	90
PID 4856 wrote to memory of 2788	4856	msedge.exe	90
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91
PID 4856 wrote to memory of 1412	4856	msedge.exe	91

C:\Users\Admin\AppData\Local\Temp\rtflib.exe
"C:\Users\Admin\AppData\Local\Temp\rtflib.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.verypdf.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc24ee46f8,0x7ffc24ee4708,0x7ffc24ee4718
    3⤵
    PID:3228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2244 /prefetch:2
    3⤵
    PID:1516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
    3⤵
    PID:1412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:3960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:4032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
    3⤵
    PID:3616
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8
    3⤵
    PID:4192
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3516 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
    3⤵
    PID:3728
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
    3⤵
    PID:3276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    3⤵
    PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
    3⤵
    PID:4392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,454333170982044466,14456223332756495047,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3840

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:368

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
de1d175f3af722d1feb1c205f4e92d1e

SHA1
019cf8527a9b94bd0b35418bf7be8348be5a1c39

SHA256
1b99cae942ebf99c31795fa279d51b1a2379ca0af7b27bd3c58ea6c78a033924

SHA512
f0dcd08afd3c6a761cc1afa2846ec23fb5438d6127ebd535a754498debabd0b1ebd04858d1b98be92faf14b512f982b1f3dcbb702860e96877eb835f763f9734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
06b496d28461d5c01fc81bc2be6a9978

SHA1
36e7a9d9c7a924d5bb448d68038c7fe5e6cbf5aa

SHA256
e4a2d1395627095b0fa55e977e527ccb5b71dff3cd2d138df498f50f9f5ab507

SHA512
6488a807c978d38d65010583c1e5582548ab8102ebd68ee827e603c9bdfcdbb9f98a488d31414a829409f6edca8bd2eb4aadd4ff31b144de41249fa63a26bc91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\74af1107-6507-45cd-86a8-1ba0fb51e9e5.tmp

Filesize
7KB

MD5
9593ec4f2aac8189c46653f70c801384

SHA1
251dffb85deb01ba1172242ea5de2b8c62677190

SHA256
2ed71766266abb3970739e9c1ffb79159280f6b33722f33592b75879d9274045

SHA512
206b85909de468c6573edaae53fb84e74ada8b816762fd08197c60411dc41b71b5d4c1c68be03c54a7e8fa5465776203baeef5f9789117b012607dbc00d385bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
d0be3419d9af65b186846e09566d8816

SHA1
28f124c356fcf60a0c62ebf829a27792f24767ac

SHA256
55eb2f4d697088fb80f09cd34201f5bb34a7e29736185d4a7494c786a96d0170

SHA512
ee8034cbeb9334543cb1a4a4e0b70140e0b41f6c6c178d1b3b3ee0d6bb68b3bfba152cf1f9b7d7fab150bf7accfcdaf5c0be980bb7aa3816e3c8860c663ea58a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
95e7f31e7141e9cf9307e85bc3449021

SHA1
ca14ece4c919dfa66affb48a6770f5e684a73ca3

SHA256
b143d96c468e825a8a6da73e38d19e3365fb34874ba96f17bb1d733dfb3066e8

SHA512
db0f1381c9d73fb3d49e9b04764d4d9a18dc3d291ac3df7ad69dc37ac25cc2d215c5594d7775a6c71a5f1cbbb6d34f8691870db3975db1f77c7091cfe921e65c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f59191ed50c5cc0e8488e75c03bb1919

SHA1
7e4e24934663faa4fc9285d59092646f373994f1

SHA256
c2e7bed0cbf9233c3a0e2c8d698f1e8e6052b3f688a34a3ce6b2e56e3ca162a8

SHA512
aa4fe695445de4beb1ba27e13573fd51b32ee8e763dea3f0e4ff4d7f6fca2bf1778bcc6bc1202e9cdab7f235fb553bd9bb57df56512e6fe6a0492c832ef180a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
eb7a6e1cc70a724ce600c4bbd3fa0b5d

SHA1
74d6a4566decabe9ca59495683853a4767a67a3e

SHA256
51c9c40ac097a371d25dc63b0a31f91fcd792968ac2d7a8d8d148d0850398097

SHA512
761ae024b16caa369443015d0cbdcbd2fc69987914ec471e4e336e07366e441ff4559ebcc09be3cdc0b44e504a8c325625b3167e325cc74c18adf0e77f5f6d5d

Download Submit
memory/404-0-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download
memory/404-2-0x0000000000400000-0x0000000000412000-memory.dmp

Filesize
72KB

Download