Overview

overview

10

Static

static

1

URLScan

urlscan

https://mega.nz/fold...

windows10-2004-x64

10

Analysis

  • max time kernel
    60s
  • max time network
    63s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    28-09-2024 16:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://mega.nz/folder/gyFxCKJT#9jTbus9UEFD747ICHunQEg

Score
10/10
asyncratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

192.168.1.213:4449

Mutex

izubhhcrqllbyqpxiu

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %Temp%

aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 1 IoCs
    rat
  • Executes dropped EXE 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 35 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/folder/gyFxCKJT#9jTbus9UEFD747ICHunQEg
    1⤵
    • Enumerates system info in registry
    • Modifies registry class
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4580
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbc5b746f8,0x7ffbc5b74708,0x7ffbc5b74718
      2⤵
        PID:3136
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
        2⤵
          PID:1436
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2492 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:3936
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
          2⤵
            PID:4020
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
            2⤵
              PID:3700
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
              2⤵
                PID:1132
              • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
                2⤵
                  PID:4560
                • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5364 /prefetch:8
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  PID:5068
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5388 /prefetch:8
                  2⤵
                    PID:5064
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2268 /prefetch:8
                    2⤵
                      PID:3204
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
                      2⤵
                        PID:1680
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6332 /prefetch:8
                        2⤵
                          PID:924
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6320 /prefetch:8
                          2⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4880
                        • C:\Users\Admin\Downloads\Cracker.exe
                          "C:\Users\Admin\Downloads\Cracker.exe"
                          2⤵
                          • Executes dropped EXE
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of SetWindowsHookEx
                          PID:4136
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
                          2⤵
                            PID:2896
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
                            2⤵
                              PID:3112
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,9992809284092637613,10266936990333838779,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
                              2⤵
                                PID:2608
                            • C:\Windows\System32\CompPkgSrv.exe
                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                              1⤵
                                PID:5028
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:5064
                                • C:\Windows\system32\AUDIODG.EXE
                                  C:\Windows\system32\AUDIODG.EXE 0x51c 0x2fc
                                  1⤵
                                    PID:1080
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:3248
                                    • C:\Users\Admin\Downloads\Cracker.exe
                                      "C:\Users\Admin\Downloads\Cracker.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:1064

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      e4f80e7950cbd3bb11257d2000cb885e

                                      SHA1

                                      10ac643904d539042d8f7aa4a312b13ec2106035

                                      SHA256

                                      1184ee8d32d0edecddd93403fb888fad6b3e2a710d37335c3989cc529bc08124

                                      SHA512

                                      2b92c9807fdcd937e514d4e7e1cc7c2d3e3aa162099b7289ceac2feea72d1a4afbadf1c09b3075d470efadf9a9edd63e07ea7e7a98d22243e45b3d53473fa4f0

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      2dc1a9f2f3f8c3cfe51bb29b078166c5

                                      SHA1

                                      eaf3c3dad3c8dc6f18dc3e055b415da78b704402

                                      SHA256

                                      dcb76fa365c2d9ee213b224a91cdd806d30b1e8652d72a22f2371124fa4479fa

                                      SHA512

                                      682061d9cc86a6e5d99d022da776fb554350fc95efbf29cd84c1db4e2b7161b76cd1de48335bcc3a25633079fb0bd412e4f4795ed6291c65e9bc28d95330bb25

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      72B

                                      MD5

                                      38d5a50c564fac59635f737be791c5ec

                                      SHA1

                                      2b2d71518ba84b843aa494d99103aaef5e29f168

                                      SHA256

                                      782fdd9bd593294f5bce795cee4ac8cb92cf11554c40b2c85c1023f69805f49a

                                      SHA512

                                      a179c05a6fae1eca2796fb71cdcf0e644be055020fcc13f34bfc3a8f97e08f185b22a895942c570dbe795fc819b217f578876342c4319a83eb5871181d5494bf

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      3668aa81724e519d24320a3ef6854455

                                      SHA1

                                      de19fd26c35ebbafe93db24dbe4092e471b1cf4c

                                      SHA256

                                      ab7bb512b91ddb0f25e74703c9542829dd5eedfbd032a92eb9e1b5d603900891

                                      SHA512

                                      c2afc28722d41da32ba2749674ac4af060a8e3c33b7f934f36b5fc0e5cd4b19d82c49c501030e30ba230ed6e473065e32f18e3805b8e406cc63b07cd376d0c14

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      e1bc91963dea4d1a9d74713c31f3cff3

                                      SHA1

                                      d5eff019c54bd27bf2b9e654dac13317b710a40c

                                      SHA256

                                      7689dba119d66c630e07d67165d387ab94624284bfd1c427e2607ccfdd505152

                                      SHA512

                                      cefdc6342c8fbbcc575f1a8d18f5b4ee834462273086aae534a445987ee69c6c03e3406d1ddf4f437a76a8bb2049140662b43cb4497b14c1ff763abdf35263df

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      9f78dfc9dbec8eae43e9a855b584b139

                                      SHA1

                                      0f1126cf890da9de1bcd0b3cb1e3a610c86e7408

                                      SHA256

                                      210400b10fb2bafd0dbd0c0c4b2678d4ec43736168df86e16122723659ae9de1

                                      SHA512

                                      5b72806ca5318b5b86cdf9c927023b2e6735c4aeebd1f8b1c8665fbc507e23240ebe006a298f4de0644b1e42fcca589ff1fb9ea555f0cac6b1c1600c4d858fac

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      5c74bd6aaee0e3de90a2e6ea2a162ff3

                                      SHA1

                                      69bc85f530dc94222367b043f81fc92d5d2b1580

                                      SHA256

                                      229472f116469cdee87c84affbe889181492ae6e09f5cad0969877f8e426c591

                                      SHA512

                                      82a1ea93ab5222334bc9e6f380c6a25246fc0cbad6d2f3fcae08734dd12675e98edc7151afaeb263388643f5f5ea208235e15246323885b69d6cc537c863d262

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001
                                      Filesize

                                      41B

                                      MD5

                                      5af87dfd673ba2115e2fcf5cfdb727ab

                                      SHA1

                                      d5b5bbf396dc291274584ef71f444f420b6056f1

                                      SHA256

                                      f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                      SHA512

                                      de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                                      Filesize

                                      72B

                                      MD5

                                      f10c042a712f4dec652ed9b9e114f8c9

                                      SHA1

                                      1806ebeb84a4b312949f2cdae857e992cd2194ad

                                      SHA256

                                      ecf28e19df208693ff5758f98031d78ed0ef6ec2a8f7a4ca7438507c16e18099

                                      SHA512

                                      67bef7ba50d829b88b0e736ca080f13472b0f0c216744fb07799ddcf18174d497c3cafa15ed05c53098c256184a9cc8e40fafe3bbd71b95fb0e6755a64e0ac47

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e0da.TMP
                                      Filesize

                                      48B

                                      MD5

                                      0985a610dbaf4928f0a60a2f3b7cda5d

                                      SHA1

                                      7ebb964a73773d9bc8e61d69312f02af474aa1b8

                                      SHA256

                                      7828af2fda955f819d7df225180141a1a600227ed90c89e77f373001cb068ddc

                                      SHA512

                                      d9e977af760418c23f42bc53fe3e03922425bca71f16f04cacd16dec8a405c4beb8d60e7e9945b51be4e0f13c70f0b651245f81da13d505ab2b05c6bfc200441

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      c587ed4340ced8f85b21d4e168b74460

                                      SHA1

                                      ebfe0929c3a3c12dfadcf945c92d5c71053b1b23

                                      SHA256

                                      172d26ee6d3c6538a900b3de06adc5f4ba728fb78a531b76272a726f8933b1c8

                                      SHA512

                                      946c1a9675937314e67c23e6b42613e523db86dbb8dc0b3a894ba33d83b397a7ee9fb0f05d40ee85585269917db927dad8f7ca675ca349f5a6dc633311899a75

                                      Download Submit

                                    • C:\Users\Admin\AppData\Roaming\MyData\DataLogs.conf
                                      Filesize

                                      8B

                                      MD5

                                      cf759e4c5f14fe3eec41b87ed756cea8

                                      SHA1

                                      c27c796bb3c2fac929359563676f4ba1ffada1f5

                                      SHA256

                                      c9f9f193409217f73cc976ad078c6f8bf65d3aabcf5fad3e5a47536d47aa6761

                                      SHA512

                                      c7f832aee13a5eb36d145f35d4464374a9e12fa2017f3c2257442d67483b35a55eccae7f7729243350125b37033e075efbc2303839fd86b81b9b4dca3626953b

                                      Download Submit

                                    • C:\Users\Admin\Downloads\Cracker.exe
                                      Filesize

                                      74KB

                                      MD5

                                      779ccbe517ccc38d81969aa2ef1e9d3b

                                      SHA1

                                      6a515b65fe4902dd86ef5e6c257b8e377401fd4a

                                      SHA256

                                      fa69c917668b55096fbfd86bb8f4d2567e5132d19bdc993260444a6c7a0e1519

                                      SHA512

                                      e300a290dbafa53e12b82870dee8d7f84497c036a698598b1d7c0de1b960b2bf1fa92793df2e126518b93523e98d8f3448d82e2070922320cc5204c5ac0498ba

                                      Download Submit

                                    • \??\pipe\LOCAL\crashpad_4580_NNTFLGZGHNNZAPBF
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit

                                    • memory/4136-201-0x0000000000670000-0x0000000000688000-memory.dmp

                                      Filesize

                                      96KB

                                      Download