Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-2004-x64

10

Resubmissions

03-08-2024 22:36

240803-2h9tnaxfnl 10

03-08-2024 22:30

240803-2falsaxenq 10

Analysis

  • max time kernel
    112s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-08-2024 22:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.io/d/S5dzkU

Score
10/10
discordratdiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI2OTM4NDQ1Njc1NDY5NjI1Mg.GVLhu8.p9W9pzdU2KtZkMRbDo2MgONe-11pxrAtiuFYTI

  • server_id

    1269385366268416092

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Downloads MZ/PE file
  • Executes dropped EXE 6 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 7 IoCs
  • Drops file in System32 directory 11 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • NTFS ADS 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 6 IoCs
  • Suspicious use of FindShellTrayWindow 43 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gofile.io/d/S5dzkU
    1⤵
    • Enumerates system info in registry
    • NTFS ADS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:1308
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8c31d46f8,0x7ff8c31d4708,0x7ff8c31d4718
      2⤵
        PID:1360
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
        2⤵
          PID:3760
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:1008
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
          2⤵
            PID:964
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
            2⤵
              PID:264
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
              2⤵
                PID:2952
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
                2⤵
                  PID:2612
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
                  2⤵
                    PID:1936
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
                    2⤵
                      PID:4268
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:2460
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4700 /prefetch:8
                      2⤵
                        PID:4888
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
                        2⤵
                          PID:4764
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5800 /prefetch:8
                          2⤵
                            PID:1672
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:1
                            2⤵
                              PID:2204
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
                              2⤵
                                PID:388
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5676 /prefetch:8
                                2⤵
                                  PID:4824
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2124,9071147374999497287,14935167182875131456,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
                                  2⤵
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:4216
                                • C:\Users\Admin\Downloads\Client-built.exe
                                  "C:\Users\Admin\Downloads\Client-built.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:432
                                • C:\Users\Admin\Downloads\Client-built.exe
                                  "C:\Users\Admin\Downloads\Client-built.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:1916
                                • C:\Users\Admin\Downloads\Client-built.exe
                                  "C:\Users\Admin\Downloads\Client-built.exe"
                                  2⤵
                                  • Executes dropped EXE
                                  • Suspicious use of AdjustPrivilegeToken
                                  PID:4628
                              • C:\Windows\System32\CompPkgSrv.exe
                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                1⤵
                                  PID:5048
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:4744
                                  • C:\Windows\System32\rundll32.exe
                                    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                    1⤵
                                      PID:4028
                                    • C:\Users\Admin\Downloads\Client-built.exe
                                      "C:\Users\Admin\Downloads\Client-built.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:2900
                                    • C:\Windows\system32\mspaint.exe
                                      "C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\SuspendInstall.jpeg" /ForceBootstrapPaint3D
                                      1⤵
                                      • Modifies registry class
                                      • Suspicious behavior: EnumeratesProcesses
                                      • Suspicious use of SetWindowsHookEx
                                      PID:2372
                                    • C:\Windows\System32\svchost.exe
                                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
                                      1⤵
                                      • Drops file in System32 directory
                                      PID:3944
                                    • C:\Windows\system32\OpenWith.exe
                                      C:\Windows\system32\OpenWith.exe -Embedding
                                      1⤵
                                      • Suspicious use of SetWindowsHookEx
                                      PID:4252
                                    • C:\Users\Admin\Downloads\Client-built.exe
                                      "C:\Users\Admin\Downloads\Client-built.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:4068
                                    • C:\Users\Admin\Downloads\Client-built.exe
                                      "C:\Users\Admin\Downloads\Client-built.exe"
                                      1⤵
                                      • Executes dropped EXE
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:808

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      ab8ce148cb7d44f709fb1c460d03e1b0

                                      SHA1

                                      44d15744015155f3e74580c93317e12d2cc0f859

                                      SHA256

                                      014006a90e43ea9a1903b08b843a5aab8ad3823d22e26e5b113fad5f9fa620ff

                                      SHA512

                                      f685423b1eaee18a2a06030b4b2977335f62499c0041c142a92f6e6f846c2b9ce54324b6ae94efbbb303282dcda70e2b1597c748fddc251c0b3122a412c2d7c4

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      38f59a47b777f2fc52088e96ffb2baaf

                                      SHA1

                                      267224482588b41a96d813f6d9e9d924867062db

                                      SHA256

                                      13569c5681c71dc42ab57d34879f5a567d7b94afe0e8f6d7c6f6c1314fb0087b

                                      SHA512

                                      4657d13e1bb7cdd7e83f5f2562f5598cca12edf839626ae96da43e943b5550fab46a14b9018f1bec90de88cc714f637605531ccda99deb9e537908ddb826113b

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                      Filesize

                                      288B

                                      MD5

                                      2afaef49cea91438221917420ec0c3c9

                                      SHA1

                                      0860a1ab552da2737f69c6fd822ca9c20ca94eb3

                                      SHA256

                                      0d6064ba2590b9a3e7ec73c22014da0f3530c5c42303bf90cec4f8fbb7416b8a

                                      SHA512

                                      215a134c50f0541c97716a7175df5ed2968d9d68a67604d8073f430168d28b86cfacb12f0753131e72534a172389abc39f5eaecd3c03911aef17d6ca0eed923f

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                      Filesize

                                      391B

                                      MD5

                                      ea5191d26ad76d7268090e2d59ea8627

                                      SHA1

                                      599dfd2f0b5cfc660fb5699a959e3ecd891bc287

                                      SHA256

                                      63c91fc8fcceea02c1d1c14ef0a7cd29a796e62fba67e0adf2ad0f0260ba7a10

                                      SHA512

                                      c2046f6fad34baab2e70c2f86c1fc2fd74ff5ce016a62077f55fd58ffa3399181241e878003ea09f7ffd3d2ce29cec4b8393d802aed4050542938925a79a0516

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      c23048f0ab261c35751e5a61d7c94cb2

                                      SHA1

                                      c1c298f29c7461c1186e7cae7bc525540cd9ae8d

                                      SHA256

                                      84b787ae83ab4cfce45b4ef71c176072e0facf601ab2eb1efd06d7cc730a68f7

                                      SHA512

                                      21386a188dacdc70e867b3afb289037666d4850c90f970f743f293b32b2b88e7f377618c638ba4b512858ec637327379f899ec846a60ec0bb17d9df171840941

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      3b604fe4070bdd8917a5df119fbc8646

                                      SHA1

                                      527fa4a6bd9945009b7033f976d30c2cb4002c6d

                                      SHA256

                                      ca926483a2b38d5e8b6512fe6fb911750f99c02d48bfcb9004cc379efc9ad64d

                                      SHA512

                                      6ee895e5e7233576aba42c67623b18ec7523831e4318b6bfa37368478a26cabb9e78054116130cbd7598490319fe753a55700cd637c66967e2b5c1c444c6e0cd

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      06818b50f340c8f87ca9e10dad137849

                                      SHA1

                                      d053c792fe4ba1feaf1b8f58484db19fead02d4e

                                      SHA256

                                      46c6238974b55717648575d908cf518cf3016d3615eec444f8f8da96baab9d56

                                      SHA512

                                      9728bc5cb96c558c64a9003032b331b94193993b64026d6e0e362009f4ba60facbddae8cb81d7ce4031fc8fbb9b128b38972a0eb7b18cfb33137f855852fbcfe

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      7b5d8650a4dc72940aee0d1e9f7962c3

                                      SHA1

                                      a5f43a8a506162ef551c679079d52c0eac9c1f18

                                      SHA256

                                      1e83d0be01eb7fdc2115df19c44f1a7d2bbb283b3311e65627ac4c64c1eb315d

                                      SHA512

                                      319c142539bef72f47fa69abdc2176b23e8a4ecefe96b594a792866cf918f2849369532e1c6af62702fd1af49c0eacddf4141aa9bec62d82ecbfc378d72b9bd5

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      5d1df0cc67fdc38c961c584ab64085ab

                                      SHA1

                                      348766bd81ae9cb60d8b4cdd269f3211e5c5fbd3

                                      SHA256

                                      e00496ec1631f358af0a4d8b62fff7b163c36620d739e8456d9fb993af58f8b4

                                      SHA512

                                      952436fdda6ef3215a13bab5d79cd0f03d58d1211dbac594de782cbfd38053fe9f672dbff4cfb1bc7ce61968ecc5e6c34b037bc3fdfbb59dd2bf7afbfa589ff9

                                      Download Submit

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      10KB

                                      MD5

                                      6c85d70d1f3c1c19de0b5bc2af5d0897

                                      SHA1

                                      c36c08b43e6604518c688a3806ca1b106a56736b

                                      SHA256

                                      f03465fa50c279b399b6ea2b46b5c4c61cc37a888c76080b5cd413de2089336f

                                      SHA512

                                      725be7de0aecba04b361ce0583b583ec979cd75bb946dcbf2b19407437b9fc78606cecff83ce9ef04bada5eff7c30c704b6ddb469d5fa6538a40af7e9732c5cf

                                      Download Submit

                                    • C:\Users\Admin\Downloads\Unconfirmed 902264.crdownload
                                      Filesize

                                      78KB

                                      MD5

                                      be535c9b9dd901ef74edf40a8f5c2d57

                                      SHA1

                                      948c0396f8b2e32449b5137cb9d7c145a9f4e7e4

                                      SHA256

                                      1324ddb38c3b33f5a30b129c3b9577759f0e4179be1a21e740cf6babb9b4829b

                                      SHA512

                                      fbdbf3395ade627aeb48e9428944feae964c276ad67d866724f38aad483fd6a31d86d81e1c9e31509570c9926e3c3770fc35874a3a5b4e69804dcf97ad637584

                                      Download Submit

                                    • memory/432-124-0x00000296E3F20000-0x00000296E40E2000-memory.dmp

                                      Filesize

                                      1.8MB

                                      Download

                                    • memory/432-125-0x00000296E5480000-0x00000296E59A8000-memory.dmp

                                      Filesize

                                      5.2MB

                                      Download

                                    • memory/432-123-0x00000296C9970000-0x00000296C9988000-memory.dmp

                                      Filesize

                                      96KB

                                      Download

                                    • memory/3944-263-0x0000026C53860000-0x0000026C53870000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/3944-259-0x0000026C52F90000-0x0000026C52FA0000-memory.dmp

                                      Filesize

                                      64KB

                                      Download

                                    • memory/3944-270-0x0000026C5BB20000-0x0000026C5BB21000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3944-272-0x0000026C5BBA0000-0x0000026C5BBA1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3944-274-0x0000026C5BBA0000-0x0000026C5BBA1000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3944-275-0x0000026C5BC30000-0x0000026C5BC31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3944-276-0x0000026C5BC30000-0x0000026C5BC31000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3944-277-0x0000026C5BC40000-0x0000026C5BC41000-memory.dmp

                                      Filesize

                                      4KB

                                      Download

                                    • memory/3944-278-0x0000026C5BC40000-0x0000026C5BC41000-memory.dmp

                                      Filesize

                                      4KB

                                      Download