Overview

overview

10

Static

static

1

URLScan

urlscan

1

http://temp.sh/MLkps...

windows10-2004-x64

10

Analysis

  • max time kernel
    113s
  • max time network
    112s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    01-04-2024 11:45

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    http://temp.sh/MLkps/sideload.zip

Score
10/10
darkgatekaitoshiba123stealer

Malware Config

Extracted

Family

darkgate

Botnet

kaitoshiba123

C2

45.63.52.184

Attributes
  • anti_analysis

    true

  • anti_debug

    false

  • anti_vm

    true

  • c2_port

    80

  • check_disk

    false

  • check_ram

    false

  • check_xeon

    false

  • crypter_au3

    false

  • crypter_dll

    false

  • crypter_raw_stub

    false

  • internal_mutex

    fnviivee

  • minimum_disk

    100

  • minimum_ram

    4096

  • ping_interval

    6

  • rootkit

    false

  • startup_persistence

    true

  • username

    kaitoshiba123

Signatures

  • DarkGate

    DarkGate is an infostealer written in C++.

    stealerdarkgate
  • Detect DarkGate stealer 2 IoCs
  • Executes dropped EXE 2 IoCs
  • Loads dropped DLL 1 IoCs
  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://temp.sh/MLkps/sideload.zip
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1832
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8801b46f8,0x7ff8801b4708,0x7ff8801b4718
      2⤵
        PID:2656
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
        2⤵
          PID:1872
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:4340
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
          2⤵
            PID:2948
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
            2⤵
              PID:2260
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
              2⤵
                PID:2312
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
                2⤵
                  PID:1752
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
                  2⤵
                    PID:448
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
                    2⤵
                    • Suspicious behavior: EnumeratesProcesses
                    PID:4060
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
                    2⤵
                      PID:4408
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                      2⤵
                        PID:3372
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
                        2⤵
                          PID:2480
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5616 /prefetch:1
                          2⤵
                            PID:752
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5336 /prefetch:8
                            2⤵
                              PID:2252
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
                              2⤵
                                PID:3092
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,11025864895583663110,12419831735743920517,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5792 /prefetch:8
                                2⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:1868
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:3036
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:1372
                                • C:\Windows\System32\rundll32.exe
                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  1⤵
                                    PID:4424
                                  • C:\Program Files\7-Zip\7zG.exe
                                    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\sideload\" -spe -an -ai#7zMap1467:78:7zEvent3501
                                    1⤵
                                    • Suspicious use of AdjustPrivilegeToken
                                    • Suspicious use of FindShellTrayWindow
                                    PID:2116
                                  • C:\Users\Admin\Downloads\sideload\sideload.exe
                                    "C:\Users\Admin\Downloads\sideload\sideload.exe"
                                    1⤵
                                    • Executes dropped EXE
                                    • Loads dropped DLL
                                    PID:4852
                                    • \??\c:\st\Autoit3.exe
                                      "c:\st\Autoit3.exe" c:\st\script.a3x
                                      2⤵
                                      • Executes dropped EXE
                                      • Checks processor information in registry
                                      PID:724

                                  Network

                                  MITRE ATT&CK Enterprise v15

                                  Replay Monitor

                                  Loading Replay Monitor...

                                  Downloads

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    7c6136bc98a5aedca2ea3004e9fbe67d

                                    SHA1

                                    74318d997f4c9c351eef86d040bc9b085ce1ad4f

                                    SHA256

                                    50c3bd40caf7e9a82496a710f58804aa3536b44d57e2ee5e2af028cbebc6c2f2

                                    SHA512

                                    2d2fb839321c56e4cb80562e9a1daa4baf48924d635729dc5504a26462796919906f0097dd1fc7fd053394c0eea13c25219dec54ffe6e9abb6e8cb9afa66bada

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                    Filesize

                                    152B

                                    MD5

                                    5c6aef82e50d05ffc0cf52a6c6d69c91

                                    SHA1

                                    c203efe5b45b0630fee7bd364fe7d63b769e2351

                                    SHA256

                                    d9068cf3d04d62a9fb1cdd4c3cf7c263920159171d1b84cb49eff7cf4ed5bc32

                                    SHA512

                                    77ad48936e8c3ee107a121e0b2d1216723407f76872e85c36413237ca1c47b8c40038b8a6349b072bbcc6a29e27ddda77cf686fa97569f4d86531e6b2ac485ed

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    3d1d5056f916d5819b75ca49545a315d

                                    SHA1

                                    eeaa4c6a351d4b3b05ecf8193d5c25f4a4e8fcba

                                    SHA256

                                    8d8d58b3972de0c543c1351ed02ea6ead3cc83e0b6bb842e1a26313638490452

                                    SHA512

                                    c84db0f40930b631ee546ab32fa69515e9e1e689a3d8b44f5597791f29cd7f021f04d874b65143d50c28792634fe68289cfbb3cc58a7963128c417bd5bb7ea3e

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    fe55944e9e9e754f444c02c2e376e9a1

                                    SHA1

                                    a4157c1d55756659ad4253b0a02a9b8d17c65e31

                                    SHA256

                                    25a9e177261e2c2a62ffb2bc22d6f3e3bcce00d898aa3143b3eb4ad3a4a341cb

                                    SHA512

                                    1b6d322840201a87253ee6bbae0cbb172423c2988ae241c334471a5f8b65cb8f37c107411d9cbc4c236d2b80006649259373b5e32bddeb64ae295dfacebd7c30

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                    Filesize

                                    6KB

                                    MD5

                                    d3ff7fdf698e3712243db1da01ca4173

                                    SHA1

                                    4ddfd5a23bcce944196d491ca0eb7d3520378229

                                    SHA256

                                    ac91aae83e85f642b2374a421f8621bb0cd496a0dbda6f5867d32ff0c685bff1

                                    SHA512

                                    f644a2cd68ef37e953245b335d465af6b11a209cf8cec6c541a8b8564d4a9a19cd5c953df511a73feb12cee60c0197ed3edeab27319d8b27dc0ba4f9ad5e5b3c

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                    Filesize

                                    16B

                                    MD5

                                    6752a1d65b201c13b62ea44016eb221f

                                    SHA1

                                    58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                    SHA256

                                    0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                    SHA512

                                    9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    12KB

                                    MD5

                                    c5cb6e0378998ef571ce9e93b5163e97

                                    SHA1

                                    a6c65110387b55321e98bf3277f2ab8216e66e2c

                                    SHA256

                                    113c70bf08de90cea54d026744fbb08cf3769e6c64939acb8ba74fe348b03b83

                                    SHA512

                                    87832debc3a1684db9536a82fd77944a7265399c5395c253ea342dd42e74399d5fdfc8da3a6905b1031df48d59007146448d5d351a620a4f3ff5a6d315ae8f46

                                    Download Submit

                                  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                    Filesize

                                    11KB

                                    MD5

                                    e427938fe7e96d9c0b07246f5b0f4f5d

                                    SHA1

                                    335c1f475db883a9ffc94c97a10a49cc25366d5d

                                    SHA256

                                    3d38b9357e4c5a1cdacb8c0f1c595be14efd49fd619b4b03ee437f1c760df5fb

                                    SHA512

                                    56d4aeb425cc3bb931f8921140894052bae356b2080d2c60f1d4cf9078de7ea18a389e114c0fc6dd5f2b7803adabde37599db863b44adfbdd3de002b3c344fc3

                                    Download Submit

                                  • C:\Users\Admin\Downloads\sideload.zip
                                    Filesize

                                    1.4MB

                                    MD5

                                    08a8a902fbf7a2cfb03cc93a165111ce

                                    SHA1

                                    ac5c2a880abf33218ef38dc5b0870fcfe8dd8f0f

                                    SHA256

                                    9139f743c6d0bf6fe13884dea72b004b90e0e0a345759281679aaa63bb5e0c30

                                    SHA512

                                    be2fc08ce0d53be37a246d37f9044f2f8fa1531d23eaf0598b886b3d0eadb16f3a4ebc9d4bafb917202c18d459ae7c3cd6aa7733ea3a090a4ad8674e25c886db

                                    Download Submit

                                  • C:\Users\Admin\Downloads\sideload\data.bin
                                    Filesize

                                    1.4MB

                                    MD5

                                    583aa08cd16d7b8788fe6fb39fbcf823

                                    SHA1

                                    256a7e63be795e9965f9c29ce74d57d94b41f9b6

                                    SHA256

                                    4dd98d3ddba47215a162409bf05a9332d6d7021d5b36d0c75dc32bcac0c364ff

                                    SHA512

                                    15d19932c1d4238dd6af10f9e518d68c65a3ffc04cc1b873c711e27cf9dced76b0661bf8f4776a476568bac078dfeca11a2734a62e087cee9adef631f3b5ed9b

                                    Download Submit

                                  • C:\Users\Admin\Downloads\sideload\g2m.dll
                                    Filesize

                                    399KB

                                    MD5

                                    326683813b145cc5469dff1f77c701e3

                                    SHA1

                                    b31eb0e91c6e70719a15dd61e7e374ce2b7782c1

                                    SHA256

                                    93439fe9b45d7b6e9fcdc5e68fd47677ea17025e4eabb6f1468cb9ae98ee8a5b

                                    SHA512

                                    981bf18aa03259a557eed4fc336d27f3f55b3a0421e70b6b59c5ef9753be885b537d5e55f2d58753621b57aa6079708d35732edddd4d97d4891b79600e631fc3

                                    Download Submit

                                  • C:\Users\Admin\Downloads\sideload\sideload.exe
                                    Filesize

                                    39KB

                                    MD5

                                    f1b14f71252de9ac763dbfbfbfc8c2dc

                                    SHA1

                                    dcc2dcb26c1649887f1d5ae557a000b5fe34bb98

                                    SHA256

                                    796ea1d27ed5825e300c3c9505a87b2445886623235f3e41258de90ba1604cd5

                                    SHA512

                                    636a32fb8a88a542783aa57fe047b6bca47b2bd23b41b3902671c4e9036c6dbb97576be27fd2395a988653e6b63714277873e077519b4a06cdc5f63d3c4224e0

                                    Download Submit

                                  • C:\st\Autoit3.exe
                                    Filesize

                                    872KB

                                    MD5

                                    c56b5f0201a3b3de53e561fe76912bfd

                                    SHA1

                                    2a4062e10a5de813f5688221dbeb3f3ff33eb417

                                    SHA256

                                    237d1bca6e056df5bb16a1216a434634109478f882d3b1d58344c801d184f95d

                                    SHA512

                                    195b98245bb820085ae9203cdb6d470b749d1f228908093e8606453b027b7d7681ccd7952e30c2f5dd40f8f0b999ccfc60ebb03419b574c08de6816e75710d2c

                                    Download Submit

                                  • \??\c:\st\script.a3x
                                    Filesize

                                    505KB

                                    MD5

                                    2eb0028dfa9ef9a4a9d095225fbdec8b

                                    SHA1

                                    153c51cd123b747d7552112bb3bd1e607e07cde1

                                    SHA256

                                    c3bbe2dd0016fdf64dd86fb49d6e95e99489381f188425c2f7e9b7d4b7d5e86c

                                    SHA512

                                    f55cd9b8c190de8a628623883aeba408ce7ff598d7203f7b60a392dc31be4a51a62896293e975f52cdc60e497539eb47dcd069268b3cd6c05b40fea3423afb22

                                    Download Submit

                                  • \??\c:\st\test.txt
                                    Filesize

                                    76B

                                    MD5

                                    b0e0f5e33fa8e73f4951b0f00eaf6fce

                                    SHA1

                                    16442a21dc55bb2021c9bca6bed1398b95835c1a

                                    SHA256

                                    9f2c071c875e7275c95405e06e48a5b03d8acaa04d268541ead3af0dcea7bd9d

                                    SHA512

                                    f1e5a6ce6987e7633dd1fe1c80d245b8f188f9d2f5d1749e55389444ddde9e3ec9d7c20b1e8faa54f31246a4af643f1ccb474f787c104296181f2beb81e5c467

                                    Download Submit

                                  • memory/724-115-0x0000000004C10000-0x0000000005BE0000-memory.dmp

                                    Filesize

                                    15.8MB

                                    Download

                                  • memory/724-116-0x0000000006130000-0x00000000064C2000-memory.dmp

                                    Filesize

                                    3.6MB

                                    Download

                                  • memory/724-118-0x0000000006130000-0x00000000064C2000-memory.dmp

                                    Filesize

                                    3.6MB

                                    Download

                                  • memory/4852-103-0x00000000006A0000-0x0000000000809000-memory.dmp

                                    Filesize

                                    1.4MB

                                    Download

                                  • memory/4852-110-0x00000000006A0000-0x0000000000809000-memory.dmp

                                    Filesize

                                    1.4MB

                                    Download