Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://gofile.io/d/...

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    12-01-2025 00:03

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://gofile.io/d/l4Fhka

Score
10/10
xenoratdiscoveryratspywarestealertrojan

Malware Config

Extracted

Family

xenorat

C2

4.233.146.51

Mutex

Xeno_rat_nd8912d

Attributes
  • delay

    5000

  • install_path

    appdata

  • port

    4454

  • startup_name

    Windows Security Notification

Signatures

  • Detect XenoRat Payload 7 IoCs
  • XenorRat

    XenorRat is a remote access trojan written in C#.

    trojanratxenorat
  • Xenorat family
    xenorat
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 2 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 25 IoCs
  • Suspicious use of FindShellTrayWindow 36 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://gofile.io/d/l4Fhka
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe262ecc40,0x7ffe262ecc4c,0x7ffe262ecc58
      2⤵
        PID:3412
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1888 /prefetch:2
        2⤵
          PID:4500
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2188 /prefetch:3
          2⤵
            PID:5096
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2224,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2608 /prefetch:8
            2⤵
              PID:632
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
              2⤵
                PID:2472
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3248 /prefetch:1
                2⤵
                  PID:3152
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4448,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3688 /prefetch:1
                  2⤵
                    PID:1696
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4616,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3456 /prefetch:8
                    2⤵
                      PID:2944
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4336,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3468 /prefetch:1
                      2⤵
                        PID:4692
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5104,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5128 /prefetch:8
                        2⤵
                          PID:5016
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5112,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5280 /prefetch:8
                          2⤵
                            PID:4868
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5100,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5304 /prefetch:8
                            2⤵
                              PID:4568
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5156,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5456 /prefetch:8
                              2⤵
                                PID:1504
                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5316,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5600 /prefetch:8
                                2⤵
                                  PID:4828
                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4688,i,2709396793088893496,6324530829631893278,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:8
                                  2⤵
                                    PID:720
                                • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                  1⤵
                                    PID:3908
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                    1⤵
                                      PID:2888
                                    • C:\Windows\System32\rundll32.exe
                                      C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                      1⤵
                                        PID:3696
                                      • C:\Users\Admin\Downloads\1231.exe
                                        "C:\Users\Admin\Downloads\1231.exe"
                                        1⤵
                                        • Checks computer location settings
                                        • Executes dropped EXE
                                        • System Location Discovery: System Language Discovery
                                        PID:1388
                                        • C:\Users\Admin\AppData\Roaming\XenoManager\1231.exe
                                          "C:\Users\Admin\AppData\Roaming\XenoManager\1231.exe"
                                          2⤵
                                          • Executes dropped EXE
                                          • System Location Discovery: System Language Discovery
                                          • Suspicious behavior: EnumeratesProcesses
                                          • Suspicious use of AdjustPrivilegeToken
                                          • Suspicious use of FindShellTrayWindow
                                          PID:4684
                                          • C:\Windows\SysWOW64\schtasks.exe
                                            "schtasks.exe" /Create /TN "Windows Security Notification" /XML "C:\Users\Admin\AppData\Local\Temp\tmpB016.tmp" /F
                                            3⤵
                                            • System Location Discovery: System Language Discovery
                                            • Scheduled Task/Job: Scheduled Task
                                            PID:2388

                                      Network

                                      MITRE ATT&CK Enterprise v15

                                      Replay Monitor

                                      Loading Replay Monitor...

                                      Downloads

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                        Filesize

                                        649B

                                        MD5

                                        ea7a38d873e283b91a582de7248ed351

                                        SHA1

                                        ee93f41e7c98c4c49f7e511c0307387a6e248c8c

                                        SHA256

                                        a85dc6febb2bcddd13f2d38ea2fcb155a7585dac6ed702feb6bf90c3f5c8239d

                                        SHA512

                                        582d33ab03bcbdfe72a04582456b8c2ce8b3582d1d0be71af4fbaf4a74d2f9e4f9954f611fb474032469d473168c4f896ca7f71e31ce4fbf556111fcd55a1576

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                        Filesize

                                        192B

                                        MD5

                                        9c99ec268a62d82420d2def15376760c

                                        SHA1

                                        83eeab05b944e4186f1dfabcb11483b78233d015

                                        SHA256

                                        bf594e88410fa8f5b6c8172de883453868d95b50ace46eec213824fffa323859

                                        SHA512

                                        ff6d2dc65d7a5c0b9294b6afdde108b18f64bfaf05e65378bf36ccf542945893fcea31a29eed3280c959a98a83f8f89378e11270dfd07697e5965c95a0c4b13a

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
                                        Filesize

                                        160KB

                                        MD5

                                        44aabe5c6a1d3bdf785687a81e508047

                                        SHA1

                                        1bdd60be20d99f36846432bb89d8d3119fcb653b

                                        SHA256

                                        c824c8dbc84b9a99e9882ec9028f4a5213227427d7457d0dd94153bd467888ff

                                        SHA512

                                        853bd5444f3dbfea10b5f1c4db054a6a53adb711664f21ddaf16864130ce30d01fcd65a095fd3f81267864d1e4eaa278e7588f72d088a44036615e0f2237c6e8

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                        Filesize

                                        2KB

                                        MD5

                                        49e1303ea316a381f8c03e775ffeddae

                                        SHA1

                                        c053fb607e761f12d6714b030dfc3f87859a8528

                                        SHA256

                                        b63a0928c2f9c5ce909153d4479720a9930f9d5e9190bcabba766e5d189774b3

                                        SHA512

                                        040cfbf23af4201fe58db9505ecb30c855898927990a50d269adc864d2ef7601eaa0b42d22f978f15c0b779b29a5ceab27c89d6a1744a4d843670585a90436f7

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                        Filesize

                                        2B

                                        MD5

                                        d751713988987e9331980363e24189ce

                                        SHA1

                                        97d170e1550eee4afc0af065b78cda302a97674c

                                        SHA256

                                        4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                        SHA512

                                        b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                        Filesize

                                        690B

                                        MD5

                                        cf97a24b6c65809da4fc80bc9b5b1f0f

                                        SHA1

                                        aa3d582a89b68f3f772192386da4b89fc072c527

                                        SHA256

                                        3b25ca038a4dbc67d8053b9f6fb6725f57ad3e5f0747925814de933d2181d625

                                        SHA512

                                        eaf640326edf825539e34ad505c2c692b581fdc01bb0462d3a7cf3af1b7655cb6d16617c32f034b95d34cb7c9bf59dcff9db7cc29e6b95b9e8d5d80b76b00896

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                        Filesize

                                        9KB

                                        MD5

                                        ffde31de098da99ca8e5d24dd3b21868

                                        SHA1

                                        610300a01c0f25f2ab3d87cb33424288714e1b3d

                                        SHA256

                                        083dd5e82503a4ea6e157841da90a2f45082405409b59cd4b20312528fa4b66f

                                        SHA512

                                        793cb43af87bd8a79184a647f9427b395230747a3e77ea7406d8081d14a6f41bc69facf34ce3e2c7d6a36c2fee160d84b28d594cb246d37841494ce6c2d910c8

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                        Filesize

                                        116KB

                                        MD5

                                        90ea359f1666b9efa9fb12742c7d0625

                                        SHA1

                                        4f18a13140302e1c9a3ec5914c6e12167eb411cd

                                        SHA256

                                        0f9c9efdb7b76a8fd5fe811317b6bf2b622830a9702b3422f93ef4797b2e9503

                                        SHA512

                                        08bbd95e1268d7169f47b3507d9de24b09fe92712007605ef6358e93cb06c1d033524f59370d688e993ef3d880705b58e52365e4971df997186f2f1980fb584d

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                        Filesize

                                        116KB

                                        MD5

                                        0aabf67e7078bfbf1468272c6cfb40dd

                                        SHA1

                                        f90b0b7b9cfafbb3c13fd4930d6474b49d1d7584

                                        SHA256

                                        2852ec69c553ae7df46db0e57e13ae7f5bd7491647892a8b8f22be6753912aa4

                                        SHA512

                                        3349053d27a831e16c8253ca36c2299224d6bb610770df0d9492b80f74431acffb0628f114d9b30e45fe96181f620231f3e3ea0b8cc7dd7d14563dcd9a950364

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
                                        Filesize

                                        264KB

                                        MD5

                                        f50f89a0a91564d0b8a211f8921aa7de

                                        SHA1

                                        112403a17dd69d5b9018b8cede023cb3b54eab7d

                                        SHA256

                                        b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

                                        SHA512

                                        bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\1231.exe.log
                                        Filesize

                                        226B

                                        MD5

                                        916851e072fbabc4796d8916c5131092

                                        SHA1

                                        d48a602229a690c512d5fdaf4c8d77547a88e7a2

                                        SHA256

                                        7e750c904c43d27c89e55af809a679a96c0bb63fc511006ffbceffc2c7f6fb7d

                                        SHA512

                                        07ce4c881d6c411cac0b62364377e77950797c486804fb10d00555458716e3c47b1efc0d1f37e4cc3b7e6565bb402ca01c7ea8c963f9f9ace941a6e3883d2521

                                        Download Submit

                                      • C:\Users\Admin\AppData\Local\Temp\tmpB016.tmp
                                        Filesize

                                        1KB

                                        MD5

                                        30dd5770d35398c3ae44265e109cd3cd

                                        SHA1

                                        2da7884be02cb8cc6c4f185d32d0aba4d9cb61ce

                                        SHA256

                                        90cfcb0b8aa7ac5e29a2b72035ed4619ef5ac39181c2aff9f59f69fdf8e6c1ee

                                        SHA512

                                        715daff2308bc8f6d5a7f842f61294eb393f1b858f5192373d0cbda61488000506044a10d8239db85dc554f73baf6c70bdc43ffb40f1a71e24d645354651296b

                                        Download Submit

                                      • C:\Users\Admin\Downloads\Unconfirmed 17535.crdownload
                                        Filesize

                                        52KB

                                        MD5

                                        56b8dac00240c80be77f51771f0f9b19

                                        SHA1

                                        c868ea2419fff12f1859121678f26c845e0a315d

                                        SHA256

                                        18fd988e5ad6473b1445de05532efb893b37255bf531aade23c2ea66336641fa

                                        SHA512

                                        4bf7a5d3e8b0facc9c44dfc8f789c8647f9362143905362d084e010a8938d762995bb03abe3dfb22d1a518ca217e26d83fe29a525ff897ceb9bb91799e6380c7

                                        Download Submit

                                      • memory/1388-79-0x0000000000240000-0x0000000000252000-memory.dmp

                                        Filesize

                                        72KB

                                        Download

                                      • memory/1388-78-0x000000007478E000-0x000000007478F000-memory.dmp

                                        Filesize

                                        4KB

                                        Download

                                      • memory/4684-198-0x0000000006190000-0x000000000619A000-memory.dmp

                                        Filesize

                                        40KB

                                        Download

                                      • memory/4684-199-0x0000000006750000-0x0000000006CF4000-memory.dmp

                                        Filesize

                                        5.6MB

                                        Download

                                      • memory/4684-200-0x00000000062B0000-0x0000000006342000-memory.dmp

                                        Filesize

                                        584KB

                                        Download

                                      • memory/4684-201-0x00000000062A0000-0x00000000062AA000-memory.dmp

                                        Filesize

                                        40KB

                                        Download

                                      • memory/4684-202-0x0000000005DA0000-0x0000000005DB2000-memory.dmp

                                        Filesize

                                        72KB

                                        Download

                                      • memory/4684-203-0x0000000005AF0000-0x0000000005BEA000-memory.dmp

                                        Filesize

                                        1000KB

                                        Download

                                      • memory/4684-204-0x0000000007D10000-0x0000000007ED2000-memory.dmp

                                        Filesize

                                        1.8MB

                                        Download

                                      • memory/4684-206-0x0000000005C70000-0x0000000005CE6000-memory.dmp

                                        Filesize

                                        472KB

                                        Download

                                      • memory/4684-205-0x0000000005900000-0x0000000005950000-memory.dmp

                                        Filesize

                                        320KB

                                        Download

                                      • memory/4684-208-0x000000000A1B0000-0x000000000A6DC000-memory.dmp

                                        Filesize

                                        5.2MB

                                        Download

                                      • memory/4684-209-0x0000000005EC0000-0x0000000005EDE000-memory.dmp

                                        Filesize

                                        120KB

                                        Download

                                      • memory/4684-211-0x00000000075A0000-0x000000000763C000-memory.dmp

                                        Filesize

                                        624KB

                                        Download

                                      • memory/4684-219-0x0000000007EE0000-0x0000000008160000-memory.dmp

                                        Filesize

                                        2.5MB

                                        Download

                                      • memory/4684-197-0x0000000005DE0000-0x0000000005E46000-memory.dmp

                                        Filesize

                                        408KB

                                        Download

                                      • memory/4684-240-0x00000000011C0000-0x00000000011CA000-memory.dmp

                                        Filesize

                                        40KB

                                        Download

                                      • memory/4684-241-0x00000000011D0000-0x00000000011DA000-memory.dmp

                                        Filesize

                                        40KB

                                        Download