hxxps://cdn[.]discordapp[.]com/attachments/1142244540380618862/1142255488881405963/Demo_Software[.]zip

Analysis

max time kernel
129s
max time network
133s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
23-08-2023 20:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://cdn.discordapp.com/attachments/1142244540380618862/1142255488881405963/Demo_Software.zip

Score

1^/10

Malware Config

Signatures

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133372977126270319"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1722984668-1829624581-3022101259-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
3988	Demo.exe
3988	Demo.exe
3988	Demo.exe
1228	chrome.exe
1228	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe
Token: SeShutdownPrivilege	4644	chrome.exe
Token: SeCreatePagefilePrivilege	4644	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe
4644	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4644 wrote to memory of 4052	4644	chrome.exe	31
PID 4644 wrote to memory of 4052	4644	chrome.exe	31
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4044	4644	chrome.exe	85
PID 4644 wrote to memory of 4664	4644	chrome.exe	84
PID 4644 wrote to memory of 4664	4644	chrome.exe	84
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86
PID 4644 wrote to memory of 660	4644	chrome.exe	86

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://cdn.discordapp.com/attachments/1142244540380618862/1142255488881405963/Demo_Software.zip
1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffaf48d9758,0x7ffaf48d9768,0x7ffaf48d9778
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1876,i,6712712104276887104,1568705238722923054,131072 /prefetch:8
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1640 --field-trial-handle=1876,i,6712712104276887104,1568705238722923054,131072 /prefetch:2
  2⤵
  PID:4044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2188 --field-trial-handle=1876,i,6712712104276887104,1568705238722923054,131072 /prefetch:8
  2⤵
  PID:660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2928 --field-trial-handle=1876,i,6712712104276887104,1568705238722923054,131072 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2916 --field-trial-handle=1876,i,6712712104276887104,1568705238722923054,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4524 --field-trial-handle=1876,i,6712712104276887104,1568705238722923054,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5056 --field-trial-handle=1876,i,6712712104276887104,1568705238722923054,131072 /prefetch:8
  2⤵
  PID:4936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 --field-trial-handle=1876,i,6712712104276887104,1568705238722923054,131072 /prefetch:8
  2⤵
  PID:4756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1608 --field-trial-handle=1876,i,6712712104276887104,1568705238722923054,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1228

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:492

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2844

C:\Users\Admin\Desktop\imdat\Demo.exe
"C:\Users\Admin\Desktop\imdat\Demo.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3988

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\50e0fbbf-75a4-422a-9dfc-94dfef620820.tmp

Filesize
6KB

MD5
2263d02c5e798c801a986543ae7e93e3

SHA1
df10bb5b3b473602ca2a38650d89933d9a8798f7

SHA256
b9d788ceb5fe1fd88c4abe7dc9210013b9b0e66e64d8ba8ed365927314017b14

SHA512
eda3c73c4c44f6f6c95d7a1cca22432561b17410718cdda08f1bed60f18f33017dac871f30c25fa4a51228b449c284d1b349635784e813a586b2f5ea8cd2e55e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1412501035d13d93a2aa951370d54ecc

SHA1
7878dbe9f37f2972f04f7feb5b681e6fad65d06b

SHA256
664f1855969aafa64994e1c2670d863c266ad72a6afa430cacdb38236f602a92

SHA512
c4015f69229cd05c14b7ae1db9820988b219e0444344f4486de38af7a890cb593d58b7e34be9e22c23b62132755326f3b436abab78aa86514ea14a61867b44b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1018B

MD5
4b9bf088360433df2963a8fc5d308a88

SHA1
f5620fa22923b396b987ce7c9e8a89b238a95e49

SHA256
adf7ffc600145a2555fd679e66b79eda9b9d5c64507bfa3cb898a7f3142699f8

SHA512
3fc281a8a47ac2c5f42eab97aa3571e98cd9cf1b30fcd798fa6f6978839c6e317076beeaec134ce9745dc1994ff355ed0d84911a943fb7c5b9ddba12abf88f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
103448be03c192b80ba6966e6ec5b71c

SHA1
5fa0e821ceb890a5d8b5a5a479a6815ee8767b06

SHA256
82240865bf3de4aa379d49702fa93f49f50c41a712c0abddf10332bfa37fb81f

SHA512
17fa8c0b5a2d5b210c999a5c408351556bc7d122cbe0d8fbf7b9d2ff61cfc6aa371c865338d46eabf2665c2fa691e561e9dc4b55bcb75a5ae83fe5331a6adb8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
87KB

MD5
d3bf843fa690b6dadb6de027c9a8340b

SHA1
d43d6358ca84dc4cd63e62820287e44942bc4cd2

SHA256
b9dfcd9ac4f0221967221d45f8527b304151d1f6b8cce7f7baf6415afba8f73e

SHA512
6a2f4ea45bf55cfcedd16948ce927b789cb6302030fa76c6ff276aac881733b500c6165a391a967581169f4e42359ade7cac1dc5692dbe4633227e9825312693

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\Demo_Software.zip

Filesize
356KB

MD5
3234064f25a6106e72089f2b46845cef

SHA1
487d354f1353bf4bf7dfe9a9e29c178a91755607

SHA256
b8f0b53f4cf8eef7dabc3bbb3d1ea3b02eb8e375056c261974aa9014a740a64a

SHA512
29f326647f76404442ac35c6fd7bde6f0ec7eef2cf8d1102109c23ba865967a96137305598796aa69e1e725151d90a216998f8f1e4edfc49095723157f051144

Download Submit
memory/3988-58-0x0000000005CF0000-0x0000000005CFA000-memory.dmp

Filesize
40KB

Download
memory/3988-70-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download
memory/3988-56-0x0000000004970000-0x0000000004A02000-memory.dmp

Filesize
584KB

Download
memory/3988-57-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download
memory/3988-54-0x0000000000060000-0x00000000000A6000-memory.dmp

Filesize
280KB

Download
memory/3988-59-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download
memory/3988-69-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download
memory/3988-55-0x0000000004E00000-0x00000000053A4000-memory.dmp

Filesize
5.6MB

Download
memory/3988-71-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download
memory/3988-72-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download
memory/3988-73-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download
memory/3988-74-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download
memory/3988-76-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download
memory/3988-77-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download
memory/3988-53-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download
memory/3988-96-0x0000000004B60000-0x0000000004B70000-memory.dmp

Filesize
64KB

Download