Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-2004-x64

10

Analysis

  • max time kernel
    105s
  • max time network
    106s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20250129-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04-02-2025 02:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.io/d/vNJkW7

Score
10/10
quasaroffice04discoveryspywaretrojan

Malware Config

Extracted

Family

quasar

Version

1.4.1

Botnet

Office04

C2

205.234.193.208:4782

Mutex

5b5f36aa-c2fa-4faa-b00e-9ae4a219120b

Attributes
  • encryption_key

    187ACE5C73483AF98BF5C2E3407DF08D3AA8F22B

  • install_name

    Client.exe

  • log_directory

    Logs

  • reconnect_delay

    3000

  • startup_key

    Quasar Client Startup

  • subdirectory

    SubDir

Signatures

  • Quasar RAT

    Quasar is an open source Remote Access Tool.

    trojanspywarequasar
  • Quasar family
    quasar
  • Quasar payload 2 IoCs
  • Downloads MZ/PE file 1 IoCs
  • Executes dropped EXE 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • NTFS ADS 2 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 38 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/vNJkW7
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:400
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffebaeb46f8,0x7ffebaeb4708,0x7ffebaeb4718
      2⤵
        PID:1964
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
        2⤵
          PID:2820
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
          2⤵
          • Downloads MZ/PE file
          • Suspicious behavior: EnumeratesProcesses
          PID:3732
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
          2⤵
            PID:1308
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
            2⤵
              PID:2140
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
              2⤵
                PID:2848
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4580 /prefetch:1
                2⤵
                  PID:4780
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
                  2⤵
                    PID:884
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
                    2⤵
                      PID:552
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1348
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5276 /prefetch:8
                      2⤵
                        PID:4852
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
                        2⤵
                          PID:4864
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6000 /prefetch:8
                          2⤵
                            PID:2612
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 /prefetch:8
                            2⤵
                            • Suspicious behavior: EnumeratesProcesses
                            PID:3036
                          • C:\Users\Admin\Downloads\Client-built.exe
                            "C:\Users\Admin\Downloads\Client-built.exe"
                            2⤵
                            • Executes dropped EXE
                            • NTFS ADS
                            • Suspicious use of AdjustPrivilegeToken
                            PID:2600
                            • C:\Windows\SYSTEM32\schtasks.exe
                              "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                              3⤵
                              • Scheduled Task/Job: Scheduled Task
                              PID:2060
                            • C:\Users\Admin\AppData\Roaming\SubDir\Client.exe
                              "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe"
                              3⤵
                              • Executes dropped EXE
                              • Suspicious use of AdjustPrivilegeToken
                              • Suspicious use of SetWindowsHookEx
                              PID:4112
                              • C:\Windows\SYSTEM32\schtasks.exe
                                "schtasks" /create /tn "Quasar Client Startup" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Client.exe" /rl HIGHEST /f
                                4⤵
                                • Scheduled Task/Job: Scheduled Task
                                PID:3412
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4084 /prefetch:1
                            2⤵
                              PID:4988
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
                              2⤵
                                PID:2608
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
                                2⤵
                                  PID:3760
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,7231258770567293677,530300070842625527,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
                                  2⤵
                                    PID:3756
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:532
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3484

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      62e6ffe7501e581c80b178323e921b81

                                      SHA1

                                      d0881a3d0aee1c256291d34a90e3092fffa60ce2

                                      SHA256

                                      a4f50a6b36e27013a694382c996a1d3059d38310a138f21aa25cc682be5cb0e5

                                      SHA512

                                      0c4e34fc9a7c5308b1cd05ea71d78c75a9fb85267d7f3e5616dbc1390794941eb549bcc70f7430046ca79cc0055edf0bd51b8eb43f84ee42163dd34d612ba137

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      65a84cd7925378cc74972cc4e677ecef

                                      SHA1

                                      30b4da4c5dbd0cc77d756d270ad260ef74987ccf

                                      SHA256

                                      7be0a4cebd74cb4d879e3f9950f5ac5a05acc3bdc415bbf9d3dd691cccee2cb5

                                      SHA512

                                      ef142224cc0b94a1c5585836988a0d544e7e8b5e8573a1893c9fac528a1ccbbab6c9c7acaad7cfec1a415544bbdcdfd1d0c5e0a0819cb94107fd81989df18704

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      144B

                                      MD5

                                      3da2d392528ea328ab6b431d33a0c8a7

                                      SHA1

                                      2add1d568e40fa59ae9c993f42a2a427ed80e0f3

                                      SHA256

                                      caabf007ed918a4ff1cb010dbdb59f953acfa4425a9c18e0664821ed72168f6e

                                      SHA512

                                      cf51af0a7c8947fcf12b2d28ce30655c023892c255de89d0708dd16771b629aa2a43487aaaa8a051e1f2a51bd90de0488932d86347c1243d895c6f580e85c743

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      391B

                                      MD5

                                      7c0d79b95ae2cf3dfd2a4054af266439

                                      SHA1

                                      c632524bc5141e51619f1bbab0149e8c9ad7660e

                                      SHA256

                                      482f5001679264f5a3f2a293accc44b07e092ea861755a66428fadcb0ff43d6d

                                      SHA512

                                      e2f8cf3582f48b0886ae7299646b1029f36c0e081fad45445b4a99f04b5993106fe7a0288842c50eb4ee10ad2dd32c98a848849b52e190c869144d5701804411

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      d492152dc9b6f45e273c3b45f52bb957

                                      SHA1

                                      b542377e184ef02dd65a916620c0137231c0d441

                                      SHA256

                                      a7bac4ede0b3b8788c36b48f4dae2acf2257dff02c4e574c2d8b37d20324ffc0

                                      SHA512

                                      95995a2f9ebb9121b6c047f90ec4897d66fc163dadd894fbdcf36840e4012d49c3f6e15d733e99350db9e7b306dfdaa13ce537d90e6f97ecada789e74fb14e26

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      7KB

                                      MD5

                                      e48ee199f459bf01b68cee5775fb57b3

                                      SHA1

                                      2fcd8a580aef9a82d331df0c5c8f3678d90637ae

                                      SHA256

                                      fa073a37c9707c0552d7f9d7e24ee1ef93557f6b696413863bd382f75a1258ed

                                      SHA512

                                      e7d44a8a784bcc29281fb0dd17a558c6438922a41c3cd5f913ece52674afeef750c25417cf4853e467aab4683d856de4a8cbc60bb67f2b1b6ae4bd9eddd486ce

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      46295cac801e5d4857d09837238a6394

                                      SHA1

                                      44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                      SHA256

                                      0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                      SHA512

                                      8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      206702161f94c5cd39fadd03f4014d98

                                      SHA1

                                      bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                      SHA256

                                      1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                      SHA512

                                      0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e2a74777-69bc-4fbe-8bc1-b596653142eb.tmp
                                      Filesize

                                      6KB

                                      MD5

                                      28a37ebb065146025430301ff01e0821

                                      SHA1

                                      54a46d115a8ff131289d2c9996f1b92e82438d25

                                      SHA256

                                      66eac3412079c7ef48efec121417a0d5204d2e7f990daf6d966c8872931ccb07

                                      SHA512

                                      0bec91d0ec425d5e3b66750f074d4bf326e2cf1b11215830f317b35af29bd869774355c4310dc691d704bc460a7e1a4d3ed8dfde124eb240accd201465a8e73b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      12KB

                                      MD5

                                      916ed15993de4ce5d179ea0902c0f004

                                      SHA1

                                      35002f1444a3fb7bb8652dd363a016575b1a9f63

                                      SHA256

                                      6b6ef5124b13f1b87ace4eed61557831fc8792b06b922054c494e9b5e19131e7

                                      SHA512

                                      c04534f972291bc870630f22ad04812fcf25abaf11544220bef46aac1723c70a10a8475361b664d9c46b349b0179f5174286a80fcb31f6148b4577d341e0c0c4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      f0d8cbed3e9eaad0a0b7f42a38989b28

                                      SHA1

                                      3c56b3d1bf48d5b4c550874efc63805a98baaed9

                                      SHA256

                                      350e7e8096d139289582ad8c77c6843ffb5aaa42a5c8a7e924f3f4e48a6b16da

                                      SHA512

                                      996f0664062da8607292349cece0346edda4b800b443eda1ba3e21cf0ed2e2f05c49851856760f3e92d4552a0ae2a14d01c9b695d7aaee12a9da6f8af9750c5b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      538dfce6c06ca9250b3bfa966e06e996

                                      SHA1

                                      941c8664f34f2f8e674c40e2529cef3e0cdb267a

                                      SHA256

                                      c59591df04e67fe916b02748c8dbf90f548ea0fe660daa7ae735e3041b18e44d

                                      SHA512

                                      f20c4c461b5bc6c78c2fa7a5e3d73d47b639b3893fcec73eba4ed9a6b75b43881913ec9816d7ec63b1d18b77955dee12028c7739f4a4d4658b5cfe9994058c0a

                                      Download Submit

                                    • C:\Users\Admin\Downloads\Unconfirmed 168678.crdownload
                                      Filesize

                                      3.1MB

                                      MD5

                                      cb303e914569c62b60c9a5a76bc5541e

                                      SHA1

                                      083465ccd4440106b6c389d566cd027df3ce6229

                                      SHA256

                                      40738b4229f48e129ff256c7b37b1005c95647d63b63cc99b59fe75694df314a

                                      SHA512

                                      546f0c00b09a1f66e6430d9444cfeb4d18a5f58591e5e0170918edb14bfda6ca3d914b21ade2a15788a5662854ebb959aa79f176cf29497e184384781e53b958

                                      Download Submit

                                    • memory/2600-101-0x00000000001D0000-0x00000000004F4000-memory.dmp

                                      Filesize

                                      3.1MB

                                      Download

                                    • memory/4112-109-0x000000001BA40000-0x000000001BA90000-memory.dmp

                                      Filesize

                                      320KB

                                      Download

                                    • memory/4112-110-0x000000001C4E0000-0x000000001C592000-memory.dmp

                                      Filesize

                                      712KB

                                      Download