Overview

overview

10

Static

static

10

CoolCar.png.exe

windows10-ltsc 2021-x64

Analysis

  • max time kernel
    92s
  • max time network
    94s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241211-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    18-12-2024 17:51

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    CoolCar.png.exe

  • Size

    78KB

  • MD5

    26bbe8da36187e681251e537ee02a5d6

  • SHA1

    72f37404ebe8c740b5b66b00770a1bec23801171

  • SHA256

    64c4cb4614d5870771cf59554e7332d5ec4c77aca174e10f8567a75f16aeecee

  • SHA512

    a6cd581dc302119bca3f8481f7b79f02164490f3baeb49c74f78cc739c15c3538eefe59d4cf8b6338b93f53e1fa8dc40c1ba3b12c2020c83649584f55964313d

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+vPIC:5Zv5PDwbjNrmAE+XIC

Score
10/10
discordratdiscoverypersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxODczNjUwNzU4NjIyMDA4NA.GBEWK9.B_HF2HutCcnkHI0nA0ISUDKNYU8Or_bTyOcliY

  • server_id

    1318726003320950815

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Downloads MZ/PE file
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\CoolCar.png.exe
    "C:\Users\Admin\AppData\Local\Temp\CoolCar.png.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1140
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
      2⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:3144
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcda1346f8,0x7ffcda134708,0x7ffcda134718
        3⤵
          PID:5384
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,17078803331721952312,12274089899250897184,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
          3⤵
            PID:2180
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,17078803331721952312,12274089899250897184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3536
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,17078803331721952312,12274089899250897184,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
            3⤵
              PID:896
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17078803331721952312,12274089899250897184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
              3⤵
                PID:1768
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17078803331721952312,12274089899250897184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
                3⤵
                  PID:1688
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17078803331721952312,12274089899250897184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
                  3⤵
                    PID:1844
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17078803331721952312,12274089899250897184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
                    3⤵
                      PID:5868
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17078803331721952312,12274089899250897184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
                      3⤵
                        PID:1424
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
                        3⤵
                        • Drops file in Program Files directory
                        PID:2388
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0x7ff64d185460,0x7ff64d185470,0x7ff64d185480
                          4⤵
                            PID:5196
                        • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,17078803331721952312,12274089899250897184,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5536 /prefetch:8
                          3⤵
                          • Suspicious behavior: EnumeratesProcesses
                          PID:4916
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17078803331721952312,12274089899250897184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
                          3⤵
                            PID:640
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,17078803331721952312,12274089899250897184,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4320 /prefetch:1
                            3⤵
                              PID:2940
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:3776
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:1772

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              c8c74ab5c035388c9f8ca42d04225ed8

                              SHA1

                              1bb47394d88b472e3f163c39261a20b7a4aa3dc0

                              SHA256

                              ea821d15371cdfef9f4c01c71fbe39f9db7bfd61e6a83e09b14886c5756cd9d9

                              SHA512

                              88922af80d561b3cf10963160d245044554f9011e4aec4fd40c740b06e5e87e9bc16ed309e296f549d9244b6cc93f627d6dd010eb2d325b38cbb1d43d8b95157

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                              Filesize

                              152B

                              MD5

                              e8978379b8b4dac705f196c82cddb401

                              SHA1

                              873169c69e4aaa8c3e1da1c95f3fc6b005f63112

                              SHA256

                              83528bc9af5e037e40f14bece26788301e4555a6164b31e6010d93d7d18f0afa

                              SHA512

                              2d73194d03ea51d4154ee9556950dee1e666720c4b53fe671cf2e7647889d480c2941757d6b9b4c60a29a6799478450136f4847b0bec5d4b6aa630d9ca856308

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                              Filesize

                              984B

                              MD5

                              18a5376139f17f8b30ff15e7b419584e

                              SHA1

                              1244a91d5a5aec9f4090cb442f11e8b435ffe969

                              SHA256

                              e3ebc2605b9f70d19129b2059489893ef9cef6f67a63c31b79be36288bd8d37b

                              SHA512

                              71a17501e309cd8f07c857b679ca1d8dca9bf74841746e3b02595ee796b0826a1221c9d11bd41390266898b856c454837d27fb7e8037c45ab9b5630f9a941c75

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5897d6.TMP
                              Filesize

                              48B

                              MD5

                              548f731454da8d3bb545b768d468d0b7

                              SHA1

                              a8374b9bd19cc741b5643d85f2e774250e45d101

                              SHA256

                              4b771ba6942b6840391e619c0d34545a22c0428cc452a65d263ab8080436a368

                              SHA512

                              5746943502c5d16700b746f3a482fa80fbd342584a86ed67f206e9d25aa7f9ae94f7a484b1845a336aa0831cbf244ffd303fe762374dbcbd4356037874b80fb4

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
                              Filesize

                              70KB

                              MD5

                              e5e3377341056643b0494b6842c0b544

                              SHA1

                              d53fd8e256ec9d5cef8ef5387872e544a2df9108

                              SHA256

                              e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

                              SHA512

                              83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              5KB

                              MD5

                              e5ac83a5df5cebd154b6f2cde20a8e31

                              SHA1

                              b9ada7b0024fece10a6767b6813ac3396334e9f6

                              SHA256

                              f71f2fdadb16d1f0b88aa1fca65ed3fde7539f5166ddfb07770733ecad77ed50

                              SHA512

                              1891fd07cfd54333d7afba0103ada66cff03995e24e9a61dc96dc5c521cf48bc43b81cdd0db6925ce9b4f68e19b96d7fda80ade7fd42957fcf67e37a2f7d8bbd

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                              Filesize

                              7KB

                              MD5

                              ec29a2ce8109ca5ed4be8a7b3f2c4aba

                              SHA1

                              2baf80138e170c01cb8ec8862ce82efbca1a305a

                              SHA256

                              08e393edf0a50fe6eef7f39dc6c1cd11ad4918143bd1f31701a948396b64f874

                              SHA512

                              297b418f550a402de27ff4d0415fcffec901a59611d19a2a89cc35b5bd234f9801a44e757d326d1c334bfbc41d097af16e33275c08e6ec633b30a50ce3706c2b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                              Filesize

                              24KB

                              MD5

                              671cfbd0275770e681ef4ede37140969

                              SHA1

                              ac145dd046e86ab6aff6340664c509c4fd5f1746

                              SHA256

                              dfafdb318c177ff96d9b85ed518f229398c3f5161f0ca48ff427516292b9d823

                              SHA512

                              d76a8d3a91d1e5e84b35cfa815736c1d0bd7252381f4e540a8d7102385224167b995f698559c95fa18ed3a50e14a58fb0a96bcedb57d4770df50f98c6d331faf

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
                              Filesize

                              24KB

                              MD5

                              2dc0e85ad4fd458d34d9cc947aaf4010

                              SHA1

                              661bf6417b9df1931cc252dd4ca78defd903385f

                              SHA256

                              d043ceb120c7de0adc6120d0af09ea4844a7f957ec0023d3721a77f43061dc52

                              SHA512

                              d93e340824366e69e27838020633377f425094c9281cd31be06592760f18dc9ffaa95495846e648458f288e0253fcb9813fa74a94ce6a196be675b86a5d2506f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
                              Filesize

                              96B

                              MD5

                              9172cc04e364a29d6fc93d2db47cfc67

                              SHA1

                              bc8a61e29418393ec15c063657c295a17f55f7b4

                              SHA256

                              953c1614c02a2189d5699d918bfaaec464792bf1d928c5a63674e7081a33d251

                              SHA512

                              311f22a17d29740cb7ce014d1103be8fd2a868b26ff7d86fdea2960104f1036c2ae4e8018c68a474087ab131ca01d2d9d5620df5e3f181425a8638b40b53aebb

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5897d6.TMP
                              Filesize

                              48B

                              MD5

                              9ce212d9bff087df0a24a0ef3cdb4b4d

                              SHA1

                              0b4e1cbebebe3e83e7028eda9f9b2478340548bc

                              SHA256

                              c3ef8b2f89ac3e7a3225f1c8e9808fcff56c7892d24eabac4fbba29875901dc5

                              SHA512

                              94b9a56be2a7497d7b129c473e5ab86e0590f4d64b2e14848c4d8b3a9fa92c65eea22cec6206c0fd49517269c016bf48b7fa2d6d1a0f72f92e79c411b102e8f3

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
                              Filesize

                              16B

                              MD5

                              46295cac801e5d4857d09837238a6394

                              SHA1

                              44e0fa1b517dbf802b18faf0785eeea6ac51594b

                              SHA256

                              0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                              SHA512

                              8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
                              Filesize

                              41B

                              MD5

                              5af87dfd673ba2115e2fcf5cfdb727ab

                              SHA1

                              d5b5bbf396dc291274584ef71f444f420b6056f1

                              SHA256

                              f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                              SHA512

                              de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                              Filesize

                              16B

                              MD5

                              206702161f94c5cd39fadd03f4014d98

                              SHA1

                              bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                              SHA256

                              1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                              SHA512

                              0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                              Filesize

                              9KB

                              MD5

                              3dcae3e07c204bf2aad3404ea3e8afcc

                              SHA1

                              b35e10865c9b9a8ed3ee64bc12b428a75a633b37

                              SHA256

                              03d68ec8bfed5b2e25a7fee19a1812aa10e4ee676ec28c2574234715a865418a

                              SHA512

                              c5f0e6d6cc829c4707eb0ff423a8240a809b8264b2ae85ad8283af8904bc679fafb45ea5d86a64582b443a9fd0205bb7f2350b5cc1dc64dde6316cf5f093ae05

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                              Filesize

                              3KB

                              MD5

                              2e5c2e2615be86fceeaca80c7ee9b4d6

                              SHA1

                              0e94d8648d1431c7b19ea46b6e61cd7695d76894

                              SHA256

                              95782cdce745776f838b650b93bb9b8a1ae7351725113fde34d33dd4bd5b1b78

                              SHA512

                              43d83e3f654fcf3915078fdc2614d39729faf987c9e17ee545e7917d61023244e5455c63b6a98521bfec6e1d3bfc2a82676d8bf90ba73a838d911d087088c2b7

                              Download Submit

                            • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
                              Filesize

                              3KB

                              MD5

                              f99256fef8e5659b2de1178b1865ecef

                              SHA1

                              b25c67c8879e624ae43270f0c33f0bc45d9efdf5

                              SHA256

                              3dd48e5e9e18387ce7955915d3750f6f4578548a1bb9a48047bff22e8b7c1937

                              SHA512

                              46300ffdea9b6b2310b99637a87787ea40652f646f0af90724d05b6209ed0c409fc07b0d4c6f3ea1f388b9dd60a56026e7556e433d258ec49ad969fb616c4e4a

                              Download Submit

                            • memory/1140-7-0x0000012805EC0000-0x0000012805ECE000-memory.dmp

                              Filesize

                              56KB

                              Download

                            • memory/1140-0-0x00007FFCDEF63000-0x00007FFCDEF65000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/1140-6-0x00007FFCDEF60000-0x00007FFCDFA22000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/1140-5-0x00007FFCDEF63000-0x00007FFCDEF65000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/1140-4-0x000001281F020000-0x000001281F548000-memory.dmp

                              Filesize

                              5.2MB

                              Download

                            • memory/1140-3-0x00007FFCDEF60000-0x00007FFCDFA22000-memory.dmp

                              Filesize

                              10.8MB

                              Download

                            • memory/1140-2-0x000001281E920000-0x000001281EAE2000-memory.dmp

                              Filesize

                              1.8MB

                              Download

                            • memory/1140-1-0x0000012804180000-0x0000012804198000-memory.dmp

                              Filesize

                              96KB

                              Download