discordrat | hxxps://github[.]com/moom825/Discord-RAT-2[.]0/releases/download/2[.]0/release[.]zip

Resubmissions

01-08-2024 07:51

240801-jqaqeszdqm 3

24-07-2024 09:26

240724-lehb8s1hld 10

Analysis

max time kernel
36s
max time network
36s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
24-07-2024 09:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	builder.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133662868081404307"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeDebugPrivilege	3920	Discord rat.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeDebugPrivilege	1540	Discord rat.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe
Token: SeShutdownPrivilege	4620	chrome.exe
Token: SeCreatePagefilePrivilege	4620	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe
4620	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4620 wrote to memory of 4136	4620	chrome.exe	84
PID 4620 wrote to memory of 4136	4620	chrome.exe	84
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 4900	4620	chrome.exe	85
PID 4620 wrote to memory of 2452	4620	chrome.exe	86
PID 4620 wrote to memory of 2452	4620	chrome.exe	86
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87
PID 4620 wrote to memory of 1072	4620	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/moom825/Discord-RAT-2.0/releases/download/2.0/release.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff90f76cc40,0x7ff90f76cc4c,0x7ff90f76cc58
  2⤵
  PID:4136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2084,i,3825259967020892351,11267390767793622839,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2080 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1556,i,3825259967020892351,11267390767793622839,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2128 /prefetch:3
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2280,i,3825259967020892351,11267390767793622839,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2244 /prefetch:8
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,3825259967020892351,11267390767793622839,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,3825259967020892351,11267390767793622839,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3112,i,3825259967020892351,11267390767793622839,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4780 /prefetch:8
  2⤵
  PID:1124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,3825259967020892351,11267390767793622839,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4840 /prefetch:8
  2⤵
  PID:64

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:2468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1696

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1780

C:\Users\Admin\Downloads\release\builder.exe
"C:\Users\Admin\Downloads\release\builder.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3288

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3920

C:\Users\Admin\Downloads\release\Release\Discord rat.exe
"C:\Users\Admin\Downloads\release\Release\Discord rat.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1540

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b40ce4b67aa081884c82bf3da7334b7d

SHA1
4ba4a15da3707c25a8c8434979b1ae7e98d4f66a

SHA256
b67dfb5b02e38f511ba9fea621d116e51f4eb7e5528c40204256cd1af196dc08

SHA512
111acab7374818a157d9ca33520584cba55877bb5b229770aada9217580565bd05a7dfde7dc555d72a4f8441da28c58ac1ef95aa54f16c78f80ea603bc535ebd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4a0eb151975dccd430b3ba11df4694d9

SHA1
df867895865c9b72158aaaa2e1ff430949a1331f

SHA256
a52830f49d8b66c2957bdbf3a99d3368491142ae7f02b36d8410295f0a20a897

SHA512
c6db2423fc37ecf982bff9eaefc3c734cb7cbeab66bfafaa2551cc637555df796f02d000208025a28e11e2a9661325a0a7607059dbdc2fd68501b8c46c2a1193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
7ee357884a9dfe57885f7f6232ba830e

SHA1
a7cd0115584a3945dab87974ff1a876200125717

SHA256
1049f11b8cb2682854e8f6635ea06a564a79bacca9c165f8dc37a1029541e798

SHA512
440a578cb187c7c1fabeef981762c838a914a5a7874db1fb3696b551641867ec3e33bcad1e03e3af46d3499b0efdd5a9e91a5283fbe5c23138f4a5b7f1ce3621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
57a93e8b16d41cc0c6d5c3843f6e7e1a

SHA1
400be56be0d27ad0df0b3a03b488327453167863

SHA256
3a67d9822ce1dbf89715c00bb2eea50787e46cd776e0dfeb0469fdad630a6ee2

SHA512
f10839b3e057cc8b18366342656b431480c7bb56de1feac583d37cb24eeda2746ffcef453aaf644633679d2d68e94d1363964ccbaa308f27bf10e2021e76077c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
00bb20046fed2bc6f3cdcfb47d400884

SHA1
08b66d1119c6014c40de4f116555c0f0d8a8d443

SHA256
4188511ff278a5c3acf314e4d3616a9cbef6645fc82cd1ab1a07c51154195dc4

SHA512
b8b672c838e64efac8a5ae92191119aef8a99428b92d186380a1fe2f0af2a95c42630c42a84c5e2f47fc596486748eccd33f90236f76b0f83ed1d7b393e61dfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
a9ac7cc55a40df8a8e003ad2e521c824

SHA1
c739411a656b5f4a8c38f5544904b2ff2fa61e7d

SHA256
46f56fa9a4914717e5a1123b2cff1cf068403bd85d2e22fc8c80ded78feb005d

SHA512
7ccff4549a332806442fe95a8a0daf6d938ebab0aec61cab1383d3a1d1fe8bc9b38f18fcb3f10740b94f33a5a67ce9d5db4958c80deeda4a0eff039956de3023

Download Submit
C:\Users\Admin\Downloads\release.zip.crdownload

Filesize
445KB

MD5
06a4fcd5eb3a39d7f50a0709de9900db

SHA1
50d089e915f69313a5187569cda4e6dec2d55ca7

SHA256
c13a0cd7c2c2fd577703bff026b72ed81b51266afa047328c8ff1c4a4d965c97

SHA512
75e5f637fd3282d088b1c0c1efd0de8a128f681e4ac66d6303d205471fe68b4fbf0356a21d803aff2cca6def455abad8619fedc8c7d51e574640eda0df561f9b

Download Submit
memory/3288-56-0x0000000000BC0000-0x0000000000BC8000-memory.dmp

Filesize
32KB

Download
memory/3288-58-0x00000000055B0000-0x0000000005642000-memory.dmp

Filesize
584KB

Download
memory/3288-59-0x0000000005760000-0x000000000576A000-memory.dmp

Filesize
40KB

Download
memory/3288-60-0x0000000074C80000-0x0000000075430000-memory.dmp

Filesize
7.7MB

Download
memory/3288-57-0x0000000005A80000-0x0000000006024000-memory.dmp

Filesize
5.6MB

Download
memory/3288-55-0x0000000074C8E000-0x0000000074C8F000-memory.dmp

Filesize
4KB

Download
memory/3920-61-0x00000263AB970000-0x00000263AB988000-memory.dmp

Filesize
96KB

Download
memory/3920-62-0x00000263C5F60000-0x00000263C6122000-memory.dmp

Filesize
1.8MB

Download
memory/3920-63-0x00000263C6760000-0x00000263C6C88000-memory.dmp

Filesize
5.2MB

Download