discordrat | hxxps://github[.]com/LuNarr6567/Jailbreak-Duper/blob/main/Jailbreak%20Duper[.]zip

Analysis

max time kernel
40s
max time network
39s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
19-07-2024 21:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/LuNarr6567/Jailbreak-Duper/blob/main/Jailbreak%20Duper.zip

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIxNjc1NTM0Mjg4OTcxMzcwNQ.GgoR-h.BIoJnlUNlhb0KDcyJ9vUxlnk-8cdlAxARwkSf0
server_id
1216754832312897577

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
57	raw.githubusercontent.com
58	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
1200	msedge.exe
1200	msedge.exe
368	msedge.exe
368	msedge.exe
1760	identity_helper.exe
1760	identity_helper.exe
4724	msedge.exe
4724	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	1460	Jailbreak Duper By LuNarr.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe
368	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 368 wrote to memory of 2376	368	msedge.exe	84
PID 368 wrote to memory of 2376	368	msedge.exe	84
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1396	368	msedge.exe	85
PID 368 wrote to memory of 1200	368	msedge.exe	86
PID 368 wrote to memory of 1200	368	msedge.exe	86
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87
PID 368 wrote to memory of 4132	368	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/LuNarr6567/Jailbreak-Duper/blob/main/Jailbreak%20Duper.zip
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffa19f046f8,0x7ffa19f04708,0x7ffa19f04718
  2⤵
  PID:2376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:1064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:1392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:1680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,8587105453226433047,1431361285004887663,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:3836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4900

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:844

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3824

C:\Users\Admin\AppData\Local\Temp\Temp1_Jailbreak Duper.zip\Jailbreak Duper\Jailbreak Duper By LuNarr.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Jailbreak Duper.zip\Jailbreak Duper\Jailbreak Duper By LuNarr.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1460

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8b4018d2defb752808bb235d169f4357

SHA1
b466e730adb3de3435abed253012ec29dc89e6d9

SHA256
08f37fc8d9efdf736734221ba097a26bff04beb39fa4113196c340e7c84f0ca1

SHA512
fc9122082e9ac6cd2f76d8ceb924b9ba23b9969fa974e46643505f1906409b41d0f2ad8e3415cfcc3bc3eb04171803d6fc5e30b97295064cd87629c2ff45f3ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c6b62245dafd94f8cf297ad4a7c81b74

SHA1
1f5b89b667cef8f88508dfb9e237eabdf1f68c03

SHA256
491c2aea5cdbce0291c09cc2f5a37e76b8a4ef3c9fd50ee38fef2ed0a592acd4

SHA512
ca72d1e413fbf51cfeb37fc3edbb5a3ca232c60d85d8e0b29d7bb034520c3779752c96b936f1c4a260d4c7d506f553c2c02af9f8ced4b31d5e2a029e7c864559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6e1725146b71775e3da93778fd05683f

SHA1
17afa319cedf7443b0132bc4867f0a062488e421

SHA256
d46f7221a62f962c7f2cdb832ddcae4ad83de9393138201645714caf835c7df3

SHA512
272d22dcbf54aabdea25a409b230f0a96f85c119c9180b2565064cf7da441646127d3f0cc3269c2075712709b9e103c5497efbaf8ff86888124a0ea075649e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bc87dfa70256f09a353a5c2df13bce14

SHA1
c86e75d0b48a44f8d65bdd20ff7765d53cbbf22f

SHA256
66b71016f63a4dcb2b3b0f9c7ce1f078d91633e50d084f8c43f48c5d23a373f2

SHA512
e0ce88a5da15222009ba6a9bd8393455778f16d58531c08bbc78e9637d022a2ee507cfb2a8160dee22ceecefd61a045aa4849a65ad14a0fd3f2602c65cb9d438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
bb225fd5fcde987e9ecf2fa112732a66

SHA1
581de25a8fb8b4df5ca8f50bb68319ea512a0ac3

SHA256
a2e27b77417eff9568cc4f0a748ae568a69fb469ad4325e5dd173b65e48fb3ef

SHA512
258008012394dcb0e3f0e2fdc9eb183f7ebddd52334b82783cce808470461b58d249b8a9bc756707e71a406798aeaecd321b2c77c156101d1b5955d3a80ff532

Download Submit
C:\Users\Admin\Downloads\Jailbreak Duper.zip

Filesize
28KB

MD5
b16034d8a9f0ff93d3c9115760b3b243

SHA1
b70dfcfb0af46e360126ef768bc81f2c3bf22934

SHA256
2f73b571a2269c7631f71e5c21b24e60722db8d7b2a154ec4d276012b91b4307

SHA512
b6f231db55b3b8d92d6bbd18a879421c1f1e4902e2027c654fe35df4239084cbf7da1af6b7dfaf2beca9627a8ce4b42004527330bf07a77e1e3b18eec919d10a

Download Submit
memory/1460-187-0x0000021E5E9F0000-0x0000021E5EA08000-memory.dmp

Filesize
96KB

Download
memory/1460-188-0x0000021E78FA0000-0x0000021E79162000-memory.dmp

Filesize
1.8MB

Download
memory/1460-189-0x0000021E798E0000-0x0000021E79E08000-memory.dmp

Filesize
5.2MB

Download