quasar | hxxp://jujuju[.]lat/files/1[.]exe

Analysis

max time kernel
17s
max time network
18s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
05-01-2025 14:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://jujuju.lat/files/1.exe

Score

10^/10

quasar miner discovery spyware trojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Miner

154.216.19.144:7000

Mutex

9aaccf69-ec3a-44b7-854b-ecd43ee8e151

Attributes

encryption_key
4A883D3FC8F269324ACDCF0E4B7FFECA042CD47D
install_name
Svc.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Svc
subdirectory
SubDir

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/files/0x0009000000023bbd-32.dat	family_quasar
behavioral1/memory/2476-53-0x0000000000D70000-0x0000000001094000-memory.dmp	family_quasar

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2476	1.exe
4184	Svc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133805607558482644"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000_Classes\Local Settings	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3032	schtasks.exe
4284	schtasks.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
3808	chrome.exe
3808	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
3808	chrome.exe
3808	chrome.exe

Suspicious use of AdjustPrivilegeToken 36 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeDebugPrivilege	2476	1.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeDebugPrivilege	4184	Svc.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe
Token: SeShutdownPrivilege	3808	chrome.exe
Token: SeCreatePagefilePrivilege	3808	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe
3808	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4184	Svc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3808 wrote to memory of 1308	3808	chrome.exe	83
PID 3808 wrote to memory of 1308	3808	chrome.exe	83
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 1752	3808	chrome.exe	84
PID 3808 wrote to memory of 2036	3808	chrome.exe	85
PID 3808 wrote to memory of 2036	3808	chrome.exe	85
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86
PID 3808 wrote to memory of 2092	3808	chrome.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://jujuju.lat/files/1.exe
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffb61b7cc40,0x7ffb61b7cc4c,0x7ffb61b7cc58
  2⤵
  PID:1308
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,13610586315895749090,11326848126459887559,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1736 /prefetch:2
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2136,i,13610586315895749090,11326848126459887559,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2196,i,13610586315895749090,11326848126459887559,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:2092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3020,i,13610586315895749090,11326848126459887559,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3024,i,13610586315895749090,11326848126459887559,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4892,i,13610586315895749090,11326848126459887559,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4904 /prefetch:8
  2⤵
  PID:4800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5040,i,13610586315895749090,11326848126459887559,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5056 /prefetch:8
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5048,i,13610586315895749090,11326848126459887559,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4900 /prefetch:8
  2⤵
  PID:2656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4936,i,13610586315895749090,11326848126459887559,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4912 /prefetch:8
  2⤵
  PID:1364

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4872

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:712

C:\Users\Admin\Downloads\1.exe
"C:\Users\Admin\Downloads\1.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:2476
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Svc" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Svc.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:3032
- C:\Users\Admin\AppData\Roaming\SubDir\Svc.exe
  "C:\Users\Admin\AppData\Roaming\SubDir\Svc.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4184
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Svc" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Svc.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:4284

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\10f3d881-3e79-43c8-a41c-3db2797f218c.tmp

Filesize
649B

MD5
3df514375d0156ac100eb60b43a36578

SHA1
397b3cf44771366eeb97b6f3f6d5e58a1668ceec

SHA256
98db29614387d2625e2482ab6f7c4356e995f6e79e662c676b195026e5bac7a6

SHA512
a5dfdbdc75296a5b14f00b4492287083e405ee8bc82a784a6c243e3e74fe851c1d8bcced4dea17d2b4ddb8f40b5e5c74b9e243a20dc807b357261d577c34189c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93f107b6978cc13663caf006d7bb93e7

SHA1
a47ecb3a5b9eb71047089631f99dc38374283bde

SHA256
157c01420b1fb3e22fd693b404fbfce21ea6f9ed9752043f44d1d47572b6f250

SHA512
790288ff0d5d6a670b3183f6c324715c559ec10195287085c9ed36f7f6e489eb8336db67303b68a8306c03980d8733127fa4eb7c5dee8945eb94f454aa8bab56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
b6cb6481c632122250baf10ffc9b9f99

SHA1
df13e585bdac6767e4a3d0712c1e4c4aa817242e

SHA256
b13f7973baecea1ab0b7f1e94640c159ed8b44d0ea2cfd1f7deddc71052f5a44

SHA512
d91e8b3e6a5875deec2816b58da73d93b812e9bc194cd1555c6a993f952ee2a216d0f25abf084550721a5b1f95f2dbc47bbe11701092b3528d9d1f389b1aaca4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 862348.crdownload

Filesize
3.1MB

MD5
b48f94c872bb4e3596924f7f587b0a54

SHA1
748f86a0394486b577978794145328702ac77a62

SHA256
e3d17377d59312e36a5e3b503a7259ffeaac4dd742222be0ad9a8ea443d3f7de

SHA512
2704c862668c3ad9f9222761b91861b1c84d84021c1309b309f5cd267fc77e542ca2c821dccb2d9ff2f2063dbc5b604204c2969fa68c7a0de3f2e40039655da1

Download Submit
memory/2476-52-0x00007FFB4DEC3000-0x00007FFB4DEC5000-memory.dmp

Filesize
8KB

Download
memory/2476-53-0x0000000000D70000-0x0000000001094000-memory.dmp

Filesize
3.1MB

Download
memory/2476-54-0x00007FFB4DEC0000-0x00007FFB4E981000-memory.dmp

Filesize
10.8MB

Download
memory/2476-60-0x00007FFB4DEC0000-0x00007FFB4E981000-memory.dmp

Filesize
10.8MB

Download
memory/4184-61-0x000000001B9B0000-0x000000001BA00000-memory.dmp

Filesize
320KB

Download
memory/4184-62-0x000000001BAC0000-0x000000001BB72000-memory.dmp

Filesize
712KB

Download
memory/4184-65-0x000000001BA70000-0x000000001BA82000-memory.dmp

Filesize
72KB

Download
memory/4184-66-0x000000001C200000-0x000000001C23C000-memory.dmp

Filesize
240KB

Download