discordrat | hxxps://filebin[.]net/ttxrhr5vbh0ukcrz/Valorant-Ch_[.]rar

Resubmissions

01-07-2024 22:15

240701-16bq4ataja 1

30-06-2024 16:24

240630-twqnyazhrg 10

Analysis

max time kernel
62s
max time network
67s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
30-06-2024 16:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://filebin.net/ttxrhr5vbh0ukcrz/Valorant-Ch_.rar

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTI1NjE4NDM3MTI4Nzk0OTMxNA.Gt2itO.hu35FmHkmfsMuntqU5cNjdMc3Cwcz2LybSbHK8
server_id
1256184909702234205

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Valorant-Chế.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000\Control Panel\International\Geo\Nation	Valorant-Chế.exe

Executes dropped EXE 2 IoCs

Processes:

Valorant-Chế.exeClient-built.exe

pid process

3360 Valorant-Chế.exe
3304 Client-built.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service
T1102

Processes:

flow ioc

82 discord.com
83 discord.com
86 discord.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
3360	Valorant-Chế.exe
3304	Client-built.exe

flow	ioc
82	discord.com
83	discord.com
86	discord.com

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings firefox.exe
NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\Valorant-Ch_.rar:Zone.Identifier firefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4124900551-4068476067-3491212533-1000_Classes\Local Settings	firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\Valorant-Ch_.rar:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

Processes:

firefox.exe7zG.exeClient-built.exe

description	pid	process
Token: SeDebugPrivilege	1924	firefox.exe
Token: SeDebugPrivilege	1924	firefox.exe
Token: SeDebugPrivilege	1924	firefox.exe
Token: SeRestorePrivilege	1724	7zG.exe
Token: 35	1724	7zG.exe
Token: SeSecurityPrivilege	1724	7zG.exe
Token: SeSecurityPrivilege	1724	7zG.exe
Token: SeDebugPrivilege	3304	Client-built.exe

Suspicious use of FindShellTrayWindow 5 IoCs

Processes:

firefox.exe7zG.exe

pid process

1924 firefox.exe
1924 firefox.exe
1924 firefox.exe
1924 firefox.exe
1724 7zG.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

1924 firefox.exe
1924 firefox.exe
1924 firefox.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

firefox.exe

pid process

1924 firefox.exe
1924 firefox.exe
1924 firefox.exe
1924 firefox.exe

pid	process
1924	firefox.exe
1924	firefox.exe
1924	firefox.exe
1924	firefox.exe
1724	7zG.exe

pid	process
1924	firefox.exe
1924	firefox.exe
1924	firefox.exe

pid	process
1924	firefox.exe
1924	firefox.exe
1924	firefox.exe
1924	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

firefox.exefirefox.exe

description	pid	process	target process
PID 2884 wrote to memory of 1924	2884	firefox.exe	firefox.exe
PID 2884 wrote to memory of 1924	2884	firefox.exe	firefox.exe
PID 2884 wrote to memory of 1924	2884	firefox.exe	firefox.exe
PID 2884 wrote to memory of 1924	2884	firefox.exe	firefox.exe
PID 2884 wrote to memory of 1924	2884	firefox.exe	firefox.exe
PID 2884 wrote to memory of 1924	2884	firefox.exe	firefox.exe
PID 2884 wrote to memory of 1924	2884	firefox.exe	firefox.exe
PID 2884 wrote to memory of 1924	2884	firefox.exe	firefox.exe
PID 2884 wrote to memory of 1924	2884	firefox.exe	firefox.exe
PID 2884 wrote to memory of 1924	2884	firefox.exe	firefox.exe
PID 2884 wrote to memory of 1924	2884	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 2376	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 212	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 212	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 212	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 212	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 212	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 212	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 212	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 212	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 212	1924	firefox.exe	firefox.exe
PID 1924 wrote to memory of 212	1924	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://filebin.net/ttxrhr5vbh0ukcrz/Valorant-Ch_.rar"
1⤵
- Suspicious use of WriteProcessMemory
PID:2884

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://filebin.net/ttxrhr5vbh0ukcrz/Valorant-Ch_.rar
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1924

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1924.0.1249907709\631510752" -parentBuildID 20230214051806 -prefsHandle 1808 -prefMapHandle 1804 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {081f6c6e-6c2f-4103-985c-9f44a913ec6b} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" 1884 1a61412e758 gpu
3⤵
PID:2376

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1924.1.1347590191\15413420" -parentBuildID 20230214051806 -prefsHandle 2464 -prefMapHandle 2452 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {abf9d20d-91cb-43d0-8510-b01a45a68230} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" 2476 1a613126a58 socket
3⤵
PID:212

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1924.2.1800687094\171905787" -childID 1 -isForBrowser -prefsHandle 3024 -prefMapHandle 3020 -prefsLen 23030 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c013e39f-a0bf-4f4c-8833-56022293f014} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" 2836 1a61723e258 tab
3⤵
PID:2832

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1924.3.510113422\586876712" -childID 2 -isForBrowser -prefsHandle 3652 -prefMapHandle 3648 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d9e3e3b3-b419-416b-9248-1282fc61b5fd} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" 3664 1a61798e558 tab
3⤵
PID:216

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1924.4.912124193\6683909" -childID 3 -isForBrowser -prefsHandle 5304 -prefMapHandle 5296 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d7cea28b-fc10-4ea1-a16b-9e8b3e4a9c0c} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" 5332 1a61ae78858 tab
3⤵
PID:4644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1924.5.1333588715\1397801304" -childID 4 -isForBrowser -prefsHandle 5556 -prefMapHandle 5552 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79c3f4f9-30f0-441b-bf2d-c5e9474c2e1d} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" 5564 1a61ae77358 tab
3⤵
PID:1364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1924.6.307324683\1363280780" -childID 5 -isForBrowser -prefsHandle 5512 -prefMapHandle 5516 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1264 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a250c0b0-51e3-4e59-bdf1-20f2956ec028} 1924 "\\.\pipe\gecko-crash-server-pipe.1924" 5500 1a61ae77c58 tab
3⤵
PID:2852

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1404

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Valorant-Ch_\" -spe -an -ai#7zMap27501:86:7zEvent18154
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1724

C:\Users\Admin\Downloads\Valorant-Ch_\Valorant-Chế.exe
"C:\Users\Admin\Downloads\Valorant-Ch_\Valorant-Chế.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:3360

C:\Users\Admin\AppData\Local\Temp\RarSFX0\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\RarSFX0\Client-built.exe"
2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\activity-stream.discovery_stream.json.tmp
Filesize
32KB

MD5
39b52421d508a0d792bde0216c972c6e

SHA1
04a144345d54aad58b6f9d25e568f8da47f43eaf

SHA256
39309ebbe4a189bf79686eb75843f989fced0af041d492c6effd4ca844db3af6

SHA512
58a8dcdc246870aa20a00243bf59bcbdfc7ef647e17fce0914024fc3105659d85a17897f3c3091aaf36dcf2d3c95b69811cd05f36a90e1c8f1e6f4043674ed60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\afevplna.default-release\cache2\doomed\20249
Filesize
9KB

MD5
a5839cb08f82a6727ab04a151c51eaf2

SHA1
97fbc0ab895e6c7b3a829f74ca5a8cea6173bd49

SHA256
016546b28b36aef1bb188a74c98e644a593e848fd82a559a15284bea25a53962

SHA512
3ca74a79041d3cd7d339824f8c527380e521a7eff4f439b0dbfbe904f7dca5670e0928d4b47bc3fc8a4cc9cd0de7ec4a28c169ed557500a4697d0f5450b674a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RarSFX0\Client-built.exe
Filesize
78KB

MD5
5404517fe767b9bf7c248f3ddac46382

SHA1
905a67a3e998850ef72be1b12e1cede877ee50a2

SHA256
fa8f3862df8c1ac32629e7b011edafa52222b5d981ffc89989aea2e9bce4da7d

SHA512
e57a23c0d8295fd9f36404734e1b70a0d4a29ebb111c3f6dedb5b988c77d21bffe32f676fa6029ca0ee1fb3864d9adb8d92303f450af6eb4af8cbd48372010a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs-1.js
Filesize
7KB

MD5
a9f69a80317a09437105af4112f2030b

SHA1
afbe7642da7b16d724de9369f0f66707aff9f44e

SHA256
9cb960c1bc11023330cca9d8866f556fcbe9bc68265775eb485ba1c196971a9f

SHA512
f1abdb27d333b4fae913340df7cd43684446bfd99454e59cc4b5b87487e95087ba79a22ffb742814656522445aebf81ab0723af54e57486900a4af3afd258973

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js
Filesize
6KB

MD5
56dfe0ecc2256079b7463e45f5a40302

SHA1
20659dfd0df368b41edc4d7c305f76c98d3b34e0

SHA256
f6ec78d21b16184b0f7f635138f8e9b400bc97a8bd83a49146f52b02ba24b521

SHA512
2e0d0eb6abd9c8a832c07fffeb0dd0e16e88c3d86362a28767876a52e64b13198d0bebf7a232100299de2281f1802a51e39397eb558f85d085b46dcbbe6402f4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\prefs.js
Filesize
6KB

MD5
dcdb8298e9f2642f4a19420593dc45c0

SHA1
f7be82ebee77676e6742bf779fc3cdd0f282ed0e

SHA256
90f8b5584bd579558b83ba2d9f2d82645558feb5b2a5708b83f14eecbbcb14cf

SHA512
3d285f73193dd2446e95ec6e4c9aff22b075f9c45d7b8baa94c34c3e9f10cb3f20207b67cd552e9f822f11d32811d0c35b979f50fa4e3e62df25d74c8217e099

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
6KB

MD5
51600358d1792e39b98d768f89931039

SHA1
1502a1be72f4db84c0f4b471c9e1a67b22b5214a

SHA256
5520991e427b6baea05dff542d65f0f6dd2201a206a8b89ab901122f999433c6

SHA512
3b93ab138492057e5b5768507dc9513d04bea65613b04c52bb13959b700febfd203f9f33f037dd9be4022d4ff7accf011300761c35eb20d39c097f409a204414

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\afevplna.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
Filesize
192KB

MD5
c210faae758ba558d626ccf9af872071

SHA1
447ba0d571f71345dec1bfefe6ef096f390ec399

SHA256
4774fdf6a878ab856c382f1435640a12bf9b2bfd833f5250d5aa93f32aa78e65

SHA512
52b61ae9db47d53e60051b32b9d89f22633de7cff14a4c5d7403033640aad720ad4904726a9a48c92ddb6476f586894bc35894e48b6a9d1b87796e4006c1119b

Download Submit
C:\Users\Admin\Downloads\Valorant-Ch_.3bmmOAf2.rar.part
Filesize
67KB

MD5
30303b8afaef58617e2cbac259cd20d3

SHA1
fc130d0bf852f147f48d83ff54f86a39c7dc69e4

SHA256
9a27c924ae8e5f19be6caabf142d231f6a4ab5ee4e8854881468bc5a5ea63cc8

SHA512
cb90ef95345ee0053ef0e1681c19b71a353f1ac9fafca9f318167e75b4a9d5198a81a1f163134962d0d4794e3763e7e085305eaef3b3ffe11724aa0feb68ea55

Download Submit
C:\Users\Admin\Downloads\Valorant-Ch_.rar
Filesize
203KB

MD5
c7ebb74264033cb1a2178d774e7322e9

SHA1
c468e28c0da9bc1a76fd82300f4f4da2f508eef6

SHA256
1f944f3636b95c9a4af8b6f5a2f6535dea219bb248e947fc6efb21032db525fa

SHA512
9f92b376a7529b5d00600eafacdd3bd1ddeafe010aac9a4b67794882f5ee4123b9797a35903242859679920d3244e08be13160c786f1eb9007cde5a16417373f

Download Submit
C:\Users\Admin\Downloads\Valorant-Ch_\Valorant-Chế.exe
Filesize
571KB

MD5
fd71ed16cbb438b026f9e01c7830500a

SHA1
6b51fdc10a030f7ceaff446483777e30f911601a

SHA256
9ff7a248e4ab85a26566f949c897f1f7cb71fe02ce92b0ea756b45321569157b

SHA512
d3697f6846f39537f445fb3648f69a60575b730930025d4d2d955e226a7e4c0a2cb43b15271235fecdadc115d71595704fb55d65804c3605bb754d3d4680185d

Download Submit
memory/3304-134-0x000001B667D30000-0x000001B667D48000-memory.dmp

Filesize
96KB

Download
memory/3304-135-0x000001B66A420000-0x000001B66A5E2000-memory.dmp

Filesize
1.8MB

Download
memory/3304-136-0x000001B66B7A0000-0x000001B66BCC8000-memory.dmp

Filesize
5.2MB

Download