b4474348e53f927c304f9b7da84928aa3425484ec7715590b130bf71ea8afe1d

Analysis

max time kernel
150s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 18:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SparxMaths-Solver.exe
Size

154.7MB
MD5

cf13faa611382584795946cc3006953a
SHA1

24cbc29c5ba7bc05e74c10aefe5a8785036dc0a7
SHA256

65e65a584a8f71f033a76d9fa616f655e0a8a7ba83df27e0b461d311258eb995
SHA512

7af524a5d5ba47e749d671373accafd5085aca0c3c3364a9fe6b71361a82358ec311a0407e942f0adfb12a43d4c761a70b1c3e0eb6910475222539ce04cc8bd8
SSDEEP

1572864:mTmw0ciLNpDPuAvHxJLkY2O6Ea3f9kwZXeT6EivLp1vUAtdjtZn+f4FnIvGaC9dU:hv6E70+Mk

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

SparxMaths-Solver.exeSparxMaths-Solver.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	SparxMaths-Solver.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	SparxMaths-Solver.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

14 discord.com
15 discord.com
16 discord.com
17 discord.com

flow	ioc
14	discord.com
15	discord.com
16	discord.com
17	discord.com

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

SparxMaths-Solver.exeSparxMaths-Solver.exe

pid	process
3796	SparxMaths-Solver.exe
3796	SparxMaths-Solver.exe
220	SparxMaths-Solver.exe
220	SparxMaths-Solver.exe
220	SparxMaths-Solver.exe
220	SparxMaths-Solver.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

SparxMaths-Solver.exe

description	pid	process
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe
Token: SeShutdownPrivilege	3968	SparxMaths-Solver.exe
Token: SeCreatePagefilePrivilege	3968	SparxMaths-Solver.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SparxMaths-Solver.exe

description	pid	process	target process
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 2972	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 3796	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 3796	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe
PID 3968 wrote to memory of 916	3968	SparxMaths-Solver.exe	SparxMaths-Solver.exe

C:\Users\Admin\AppData\Local\Temp\SparxMaths-Solver.exe
"C:\Users\Admin\AppData\Local\Temp\SparxMaths-Solver.exe"
1⤵
- Checks computer location settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3968
- C:\Users\Admin\AppData\Local\Temp\SparxMaths-Solver.exe
  "C:\Users\Admin\AppData\Local\Temp\SparxMaths-Solver.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\SparxMaths-Solver" --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 --field-trial-handle=2076,i,17901868560616686483,12482526572165048938,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  PID:2972
- C:\Users\Admin\AppData\Local\Temp\SparxMaths-Solver.exe
  "C:\Users\Admin\AppData\Local\Temp\SparxMaths-Solver.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\SparxMaths-Solver" --mojo-platform-channel-handle=2340 --field-trial-handle=2076,i,17901868560616686483,12482526572165048938,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
- C:\Users\Admin\AppData\Local\Temp\SparxMaths-Solver.exe
  "C:\Users\Admin\AppData\Local\Temp\SparxMaths-Solver.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\SparxMaths-Solver" --app-path="C:\Users\Admin\AppData\Local\Temp\resources\app.asar" --enable-sandbox --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2688 --field-trial-handle=2076,i,17901868560616686483,12482526572165048938,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:1
  2⤵
  - Checks computer location settings
  PID:916
- C:\Users\Admin\AppData\Local\Temp\SparxMaths-Solver.exe
  "C:\Users\Admin\AppData\Local\Temp\SparxMaths-Solver.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --user-data-dir="C:\Users\Admin\AppData\Roaming\SparxMaths-Solver" --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAABgAAAAAAAAAGAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=808 --field-trial-handle=2076,i,17901868560616686483,12482526572165048938,131072 --disable-features=SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\SparxMaths-Solver\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
e600f0d504bceaec00e8f044c49f0da3

SHA1
f438ad990481d69db1268703b706309e728718ac

SHA256
c740dbf4c41883d1ae785f511408c21cd85813e9fde45a80dcec8e441b21e7c3

SHA512
6b24ffa6d49fcd629d32c05c78a6c2529d3a48e43b8a9c2c89eb636b2e39c5b81e4d7031ad5286a257fddc09ac8eebeed211cd33dbf821984d37c744452afdab

Download Submit
C:\Users\Admin\AppData\Roaming\SparxMaths-Solver\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
61c9e941e0cffffebf8ca9dd22f5b4ad

SHA1
7b11529f3435891cb971561d313874ecc9ded395

SHA256
fb657d8f0ed885f3b493e7e33a797c081e73f8719a20e16166dbbe956d3de6e9

SHA512
78975903b19d0a9f88c48cf560c1e0ec4d02a120c6a3a14bd36d9ffe5794a189d3353eca321bdc8dcc33b90637a4318122096b7606a1af9b1184b827678f86a3

Download Submit
C:\Users\Admin\AppData\Roaming\SparxMaths-Solver\Network\Network Persistent State

Filesize
300B

MD5
4a382408fed7e38db411ab51bca18215

SHA1
04da97ab45fcf1b2ddee5e977468a22baee319f6

SHA256
3fb6f3130d979d2ab7b0b980aea6c081e18a703a334e1acb5f3eb663cb913fa6

SHA512
aa4dab3fd579c50bfaa7f7c996c89c2c35506a2437fcd7a8ead8afa6b1740779ed6791a20939f42a425bcafd18f8ae2ab742784d23b35b379a5154e795859aff

Download Submit
C:\Users\Admin\AppData\Roaming\SparxMaths-Solver\Network\Network Persistent State~RFe58e663.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\SparxMaths-Solver\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
memory/220-136-0x0000022604E70000-0x0000022604E71000-memory.dmp

Filesize
4KB

Download
memory/220-130-0x0000022604E70000-0x0000022604E71000-memory.dmp

Filesize
4KB

Download
memory/220-132-0x0000022604E70000-0x0000022604E71000-memory.dmp

Filesize
4KB

Download
memory/220-133-0x0000022604E70000-0x0000022604E71000-memory.dmp

Filesize
4KB

Download
memory/220-124-0x0000022604E70000-0x0000022604E71000-memory.dmp

Filesize
4KB

Download
memory/220-126-0x0000022604E70000-0x0000022604E71000-memory.dmp

Filesize
4KB

Download
memory/220-125-0x0000022604E70000-0x0000022604E71000-memory.dmp

Filesize
4KB

Download
memory/220-134-0x0000022604E70000-0x0000022604E71000-memory.dmp

Filesize
4KB

Download
memory/220-131-0x0000022604E70000-0x0000022604E71000-memory.dmp

Filesize
4KB

Download
memory/220-135-0x0000022604E70000-0x0000022604E71000-memory.dmp

Filesize
4KB

Download
memory/916-48-0x00007FFAFFC00000-0x00007FFAFFC01000-memory.dmp

Filesize
4KB

Download
memory/916-80-0x000002BA73D10000-0x000002BA7444F000-memory.dmp

Filesize
7.2MB

Download
memory/916-49-0x00007FFB00760000-0x00007FFB00761000-memory.dmp

Filesize
4KB

Download
memory/916-81-0x000002BA734B0000-0x000002BA7355D000-memory.dmp

Filesize
692KB

Download