Analysis
-
max time kernel
147s -
max time network
147s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
17-06-2024 17:55
General
-
Target
builder.exe
-
Size
78KB
-
MD5
5680a6247bf2ac6bd97f463863b3790c
-
SHA1
6a18553f769b60cc23b7fe5c87f3fcc1de060d36
-
SHA256
6fbb1c25814dd749fb423bc4f9bca99919030278a27ca09b9f997b3ef84d3c1d
-
SHA512
9ccdd13ab4d40542c4f38c6cee4553d7179d08b7e4926170fb582a6f6303e9c2358538f2b5b936e3112943b0df394c08350cc4b35e64c93c2831a8ceec738a18
-
SSDEEP
1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+sPIC:5Zv5PDwbjNrmAE+AIC
Score
10/10
Malware Config
Extracted
Family
discordrat
Attributes
-
discord_token
MTI1MTE4NjM4OTk1MzgxMDQ5NQ.GcIZgp.AMqtZCZqZtUob-d3gzU2LOM5ax5FJRSnHAEFIA
-
server_id
1250120108064378900
Signatures
-
Discord RAT
A RAT written in C# using Discord as a C2.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 21 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 6 IoCs
-
Modifies registry class 1 IoCs
-
Suspicious behavior: AddClipboardFormatListener 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 15 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\builder.exe"C:\Users\Admin\AppData\Local\Temp\builder.exe"1⤵
- Sets desktop wallpaper using registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gofile.io/d/xgyRaW2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gofile.io/d/xgyRaW2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gofile.io/d/xgyRaW2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gofile.io/d/xgyRaW2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gofile.io/d/xgyRaW2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gofile.io/d/xgyRaW2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.gofile.io/d/xgyRaW2⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3868 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=3716 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=4752 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5476 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5468 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5956 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6188 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --mojo-platform-channel-handle=6376 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --mojo-platform-channel-handle=6500 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --mojo-platform-channel-handle=6720 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --mojo-platform-channel-handle=6832 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --no-appcompat-clear --mojo-platform-channel-handle=4760 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:81⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --mojo-platform-channel-handle=6208 --field-trial-handle=2272,i,4858140932023865871,5726683989663339295,262144 --variations-seed-version /prefetch:11⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x244,0x248,0x24c,0x240,0x2dc,0x7ffdb24e2e98,0x7ffdb24e2ea4,0x7ffdb24e2eb02⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2212 --field-trial-handle=2216,i,10599111023156900699,4629638368570213066,262144 --variations-seed-version /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=2448 --field-trial-handle=2216,i,10599111023156900699,4629638368570213066,262144 --variations-seed-version /prefetch:32⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=2472 --field-trial-handle=2216,i,10599111023156900699,4629638368570213066,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4396 --field-trial-handle=2216,i,10599111023156900699,4629638368570213066,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4396 --field-trial-handle=2216,i,10599111023156900699,4629638368570213066,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=572 --field-trial-handle=2216,i,10599111023156900699,4629638368570213066,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4444 --field-trial-handle=2216,i,10599111023156900699,4629638368570213066,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4400 --field-trial-handle=2216,i,10599111023156900699,4629638368570213066,262144 --variations-seed-version /prefetch:82⤵
-
C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE"C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE" "C:\Users\Admin\Desktop\SaveWatch.xla"1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
280B
MD5c7ea659ec8d115fc6440c488b60c84a7
SHA17de2e828f7443f809ddb79548ed8958f7512ae31
SHA25688024825193cc6e5fc0d76cc93d2b949f75df112b8dcf73c3578fc588a42dc0d
SHA512f9c806af88af50d19a6819dbd67dc53e0ad4e25e8b8c9fff5ec01f1065936fb2cfa6f03d8a33a9ada5faf19213585af36861a0d53a0604aa9a6a29f8f509c4ca
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.jsonFilesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending ReportsFilesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch DictionariesFilesize
40B
MD520d4b8fa017a12a108c87f540836e250
SHA11ac617fac131262b6d3ce1f52f5907e31d5f6f00
SHA2566028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d
SHA512507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
11KB
MD5e5e951e2f5fd16c3908483455ceaa115
SHA15b612aca21ce1385d62353a88f1fd3bf59113117
SHA2568bc61b609362fad161a4d99828c03e5213c2376feb8b9bd3166fdf077733dc7f
SHA512bf81f3d6253b6a650dcfe1a90a5e4885ec031466927856147100718d03b274599325ea98c22774c87e80f7f5dfa6000b3b6071a8745f4bb5f08702349261ea51
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure PreferencesFilesize
30KB
MD524b96750f01df0715f59cd5c9b470875
SHA1a69d0a2282c31b4c9a6c0d9a7ca6bf00c216bca8
SHA256540ca18c38d86cd1b0b35ec1af5bf32cef58961bb2418f8f467e74e847acade6
SHA512cd63714543fb6dad9b4546ee1d73e92e53046e2f987e368ea5bb29a4e4ffd98a670feefea031def0652eebb982cb5d991925cb01a10b6c170c8fa7472bb35a31
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
68KB
MD5d79e9a70ee627b25d262b7d2edad1b4a
SHA1149bbd9648732195610a386cc908c90b0feef4b6
SHA256792e7a8661bfdac05b8cabcf7f96572070294b42ae159286ec2d37b475f9e575
SHA512356a049d15aeffbfea599611226a7b3939d3058fd172d7bff329012df55358850c4610eacacae0e801ace90c0b250884eefef08c1379fb6229914b02a91c6ed5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
58KB
MD5446c7794261fa70efc676f9bca5b3bb2
SHA1334bbb7db047a6c9c1c40e01c4a56070effc3124
SHA256eb6f86276ee4876ae090ec35ed98548f35eec2745e40e52cad1f95773ae630c1
SHA5120c4a8e446b767aa78c9f47056c6ddd189896af2d4aaca7646168d3ab39c02e8dce8c9383181c059e1bec40df28bf807240df6d84dfc4c0e89f6d9af71befacc3
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\e0495fde257df2ef62ee7e3fdb1ebb9d7ff72300.tbresFilesize
4KB
MD55d57001c78bc6f9c552726fd8b44c24e
SHA15839e416eac9f5920fc84ff4c1a5f49af18ceff0
SHA2562c5992152acdecdce9919b00c083384cfc818614d7470340808d7358ebfec1f4
SHA5123c231308aa5b283adb8c5ceaa2ae44f490a99bf4779d855117ca01452bc4caed260eca3b2c7d333d2e27bb2901b0766deedbaeda86dc2c7ce76be4b9dd09b790
-
C:\Users\Admin\AppData\Roaming\Microsoft\Office\Recent\index.datFilesize
255B
MD506eb5ce17f43d3a771ec34c13af82116
SHA138d9e1896e649eea70847dc9da3469a2f4a8193b
SHA256852f14707b21304927d6a62182695e1ee52d507aeb853bbca68076fcd3118713
SHA5126890b83ead633160854a498dac3a096ce048a3f2edfbf8746d4fa0f62db59b5cbf44b491c7c1657bd0aa15911e744a3ffbbeca5146f097ea09d140ed7a55e12e
-
\??\pipe\crashpad_3236_VFZAYBUFBVAVAOYVMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/868-5-0x00000232A1A70000-0x00000232A1B72000-memory.dmpFilesize
1.0MB
-
memory/868-4-0x00000232A21F0000-0x00000232A2718000-memory.dmpFilesize
5.2MB
-
memory/868-7-0x00007FFDB9F93000-0x00007FFDB9F95000-memory.dmpFilesize
8KB
-
memory/868-1-0x00000232871E0000-0x00000232871F8000-memory.dmpFilesize
96KB
-
memory/868-2-0x00000232A18A0000-0x00000232A1A62000-memory.dmpFilesize
1.8MB
-
memory/868-3-0x00007FFDB9F90000-0x00007FFDBAA51000-memory.dmpFilesize
10.8MB
-
memory/868-0-0x00007FFDB9F93000-0x00007FFDB9F95000-memory.dmpFilesize
8KB
-
memory/868-8-0x00007FFDB9F90000-0x00007FFDBAA51000-memory.dmpFilesize
10.8MB
-
memory/940-44-0x00007FFD97220000-0x00007FFD97230000-memory.dmpFilesize
64KB
-
memory/940-138-0x00007FFD996D0000-0x00007FFD996E0000-memory.dmpFilesize
64KB
-
memory/940-25-0x00007FFD996D0000-0x00007FFD996E0000-memory.dmpFilesize
64KB
-
memory/940-46-0x00007FFD97220000-0x00007FFD97230000-memory.dmpFilesize
64KB
-
memory/940-21-0x00007FFD996D0000-0x00007FFD996E0000-memory.dmpFilesize
64KB
-
memory/940-24-0x00007FFD996D0000-0x00007FFD996E0000-memory.dmpFilesize
64KB
-
memory/940-22-0x00007FFD996D0000-0x00007FFD996E0000-memory.dmpFilesize
64KB
-
memory/940-140-0x00007FFD996D0000-0x00007FFD996E0000-memory.dmpFilesize
64KB
-
memory/940-139-0x00007FFD996D0000-0x00007FFD996E0000-memory.dmpFilesize
64KB
-
memory/940-137-0x00007FFD996D0000-0x00007FFD996E0000-memory.dmpFilesize
64KB
-
memory/940-23-0x00007FFD996D0000-0x00007FFD996E0000-memory.dmpFilesize
64KB