Overview

overview

10

Static

static

10

HackerTool.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    209s
  • max time network
    209s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
  • submitted
    03-07-2024 23:12

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    HackerTool.exe

  • Size

    78KB

  • MD5

    700cbe7842075702ba7a814135377cba

  • SHA1

    afc4dae81fdcd51e6cfba4df93b95473019db51d

  • SHA256

    aca13de69b970f10357414fc04b9d424e3ec91d46c48dcf23244309e6994de24

  • SHA512

    1a364f96ee78c3e83ec4a9e9a88d070a67fa55cbc4f3e2e5a99f2c4f5d933abee9f98f5537d56159a57771d82e78a19a1b14e1a52002d2420783cfafde59de11

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+LPIC:5Zv5PDwbjNrmAE+jIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI1Nzk1NzI4ODU0MzUyMjk0OA.GIpluZ.fDKYKipS9PVq4yhIAizQmTyDwK5kQQ8ux_PrHQ

  • server_id

    1257954812113190942

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 8 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 5 IoCs
  • Suspicious use of FindShellTrayWindow 49 IoCs
  • Suspicious use of SendNotifyMessage 38 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\HackerTool.exe
    "C:\Users\Admin\AppData\Local\Temp\HackerTool.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:940
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://cdn.discordapp.com/attachments/1257955606598385716/1257955793899094137/Youre_on_Doxbin.mp3?ex=6686f2e0&is=6685a160&hm=cca0c934c2d77fb81028f4800bdfc65f1812fa81209de655e0074c1b02247c2e&
      2⤵
      • Enumerates system info in registry
      • Modifies registry class
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:5056
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb37c146f8,0x7ffb37c14708,0x7ffb37c14718
        3⤵
          PID:2532
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
          3⤵
            PID:4988
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
            3⤵
            • Suspicious behavior: EnumeratesProcesses
            PID:3128
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
            3⤵
              PID:4580
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
              3⤵
                PID:4788
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
                3⤵
                  PID:1060
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
                  3⤵
                    PID:1784
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
                    3⤵
                      PID:540
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
                      3⤵
                        PID:1672
                      • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
                        3⤵
                        • Suspicious behavior: EnumeratesProcesses
                        PID:4360
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
                        3⤵
                          PID:4952
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4920 /prefetch:1
                          3⤵
                            PID:208
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
                            3⤵
                              PID:3588
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5732 /prefetch:8
                              3⤵
                                PID:3684
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2136,8573955106705374455,16790706792122174576,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6076 /prefetch:8
                                3⤵
                                • Suspicious behavior: EnumeratesProcesses
                                PID:216
                              • C:\Program Files\VideoLAN\VLC\vlc.exe
                                "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Youre on Doxbin.mp3"
                                3⤵
                                • Suspicious behavior: AddClipboardFormatListener
                                • Suspicious behavior: GetForegroundWindowSpam
                                • Suspicious use of AdjustPrivilegeToken
                                • Suspicious use of FindShellTrayWindow
                                • Suspicious use of SendNotifyMessage
                                • Suspicious use of SetWindowsHookEx
                                PID:2720
                              • C:\Program Files\VideoLAN\VLC\vlc.exe
                                "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Youre on Doxbin.mp3"
                                3⤵
                                  PID:540
                                • C:\Program Files\VideoLAN\VLC\vlc.exe
                                  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Youre on Doxbin.mp3"
                                  3⤵
                                    PID:2500
                                  • C:\Program Files\VideoLAN\VLC\vlc.exe
                                    "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\Youre on Doxbin.mp3"
                                    3⤵
                                      PID:2412
                                • C:\Windows\System32\CompPkgSrv.exe
                                  C:\Windows\System32\CompPkgSrv.exe -Embedding
                                  1⤵
                                    PID:228
                                  • C:\Windows\System32\CompPkgSrv.exe
                                    C:\Windows\System32\CompPkgSrv.exe -Embedding
                                    1⤵
                                      PID:3236
                                    • C:\Windows\system32\AUDIODG.EXE
                                      C:\Windows\system32\AUDIODG.EXE 0x328 0x4fc
                                      1⤵
                                      • Suspicious use of AdjustPrivilegeToken
                                      PID:1012

                                    Network

                                    MITRE ATT&CK Enterprise v15

                                    Replay Monitor

                                    Loading Replay Monitor...

                                    Downloads

                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      c39b3aa574c0c938c80eb263bb450311

                                      SHA1

                                      f4d11275b63f4f906be7a55ec6ca050c62c18c88

                                      SHA256

                                      66f8d413a30451055d4b6fa40e007197a4bb93a66a28ca4112967ec417ffab6c

                                      SHA512

                                      eeca2e21cd4d66835beb9812e26344c8695584253af397b06f378536ca797c3906a670ed239631729c96ebb93acfb16327cf58d517e83fb8923881c5fdb6d232

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                      Filesize

                                      152B

                                      MD5

                                      dabfafd78687947a9de64dd5b776d25f

                                      SHA1

                                      16084c74980dbad713f9d332091985808b436dea

                                      SHA256

                                      c7658f407cbe799282ef202e78319e489ed4e48e23f6d056b505bc0d73e34201

                                      SHA512

                                      dae1de5245cd9b72117c430250aa2029eb8df1b85dc414ac50152d8eba4d100bcf0320ac18446f865dc96949f8b06a5b9e7a0c84f9c1b0eada318e80f99f9d2b

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      5KB

                                      MD5

                                      11ea4ab7edcb1d8dab4ec86583f75ae3

                                      SHA1

                                      ba71b223d2a496a3ee4c8da697e5d3623ad91073

                                      SHA256

                                      6a82c848a9dddcb45cff7652b439e48c546ffa7b9f5481165e1d4877355a4ee6

                                      SHA512

                                      b1fd8df091f552e0a1e4bf6758d88582900c562855015bdb9a118f69bdcef281490c2533ede8ebffd6dcbb4c47396635a997ec23836d5614d6d1d4ce2af5e123

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                      Filesize

                                      6KB

                                      MD5

                                      147f7b7a8704be2cb84fb7f3965eec1b

                                      SHA1

                                      183e9436a972c2010b33aa74780028251335a205

                                      SHA256

                                      b48b24c0e620ff4dbfa66614ff385c54808f11fe5c7344e40a92a7b27f55c12e

                                      SHA512

                                      6e2105758b49856a7ccfed972d2af9c1ea9fbe5215cb12f1e44567f105e3144460f6b81e97819bdde66076d470c38a68aa64f423e3951cc26a2c20fb1a6762f1

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                      Filesize

                                      16B

                                      MD5

                                      6752a1d65b201c13b62ea44016eb221f

                                      SHA1

                                      58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                      SHA256

                                      0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                      SHA512

                                      9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                      Download Submit
                                    • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                      Filesize

                                      11KB

                                      MD5

                                      6cd81cbd75498596e74266aea39ffa9c

                                      SHA1

                                      6af6045a6558f3dc7f952ca3e3c76a246d003728

                                      SHA256

                                      d8bd6ebb3fd59c61bf4a0f9ed374fbbf645863568a6681c8d7848cedd70db090

                                      SHA512

                                      010d23f53ea1b200b671c0d2227e057a4c0288b3e1ff06582b84a7e1e442efd51e6ea29d0622716d896a6e22c4b7dd9ab75c9e676d6264f3f5db88b4f009cbc9

                                      Download Submit
                                    • C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini
                                      Filesize

                                      87B

                                      MD5

                                      35b2596437ce6984f4d20ecda634dede

                                      SHA1

                                      4895f8c370d06028dd8dc0bdd5bec65ed2fb5e84

                                      SHA256

                                      522089ea5193f6e8a26ee237a96e38a992bdc86b5af73a47f3c286a07c702ce2

                                      SHA512

                                      37424470ce76792765c2a618ce9f2247f4343fe7d864cf8149fe9dd6649511ec56f8b10c28d94de42e2eed31fb81a9a46c6bd55a7922b2adae485c21ab6f993a

                                      Download Submit
                                    • C:\Users\Admin\Downloads\Youre on Doxbin.mp3
                                      Filesize

                                      2.3MB

                                      MD5

                                      2fcad6be1d92be45ebbddbeaf4b3758b

                                      SHA1

                                      b06869d3fe5bb88ff58a183bf06ed084b726be89

                                      SHA256

                                      10fd5bac6678c51f3385dcbaa64e1e1a369187b586f5fd85298ded42cf31a3ed

                                      SHA512

                                      432ca190e7dde81fdb7b3a606bfb7af1dd0f9c00c98dca04ba840e4df8c3c371d5223d50d2791bd8948ab7e77c67d9767b70ad117d69bee30809de60cf4b7953

                                      Download Submit
                                    • \??\pipe\LOCAL\crashpad_5056_VDCWTFRQKDPNLTJL
                                      MD5

                                      d41d8cd98f00b204e9800998ecf8427e

                                      SHA1

                                      da39a3ee5e6b4b0d3255bfef95601890afd80709

                                      SHA256

                                      e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                      SHA512

                                      cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                      Download Submit
                                    • memory/540-66-0x00007FFB49AD0000-0x00007FFB49AE7000-memory.dmp
                                      Filesize

                                      92KB

                                      Download
                                    • memory/540-62-0x00007FF6A1400000-0x00007FF6A14F8000-memory.dmp
                                      Filesize

                                      992KB

                                      Download
                                    • memory/540-63-0x00007FFB39060000-0x00007FFB39094000-memory.dmp
                                      Filesize

                                      208KB

                                      Download
                                    • memory/540-67-0x00007FFB42FD0000-0x00007FFB42FE1000-memory.dmp
                                      Filesize

                                      68KB

                                      Download
                                    • memory/540-65-0x00007FFB4B130000-0x00007FFB4B148000-memory.dmp
                                      Filesize

                                      96KB

                                      Download
                                    • memory/540-64-0x00007FFB318E0000-0x00007FFB31B96000-memory.dmp
                                      Filesize

                                      2.7MB

                                      Download
                                    • memory/940-5-0x00007FFB3CCB0000-0x00007FFB3D771000-memory.dmp
                                      Filesize

                                      10.8MB

                                      Download
                                    • memory/940-4-0x00000280F2280000-0x00000280F27A8000-memory.dmp
                                      Filesize

                                      5.2MB

                                      Download
                                    • memory/940-3-0x00007FFB3CCB0000-0x00007FFB3D771000-memory.dmp
                                      Filesize

                                      10.8MB

                                      Download
                                    • memory/940-2-0x00000280F1A80000-0x00000280F1C42000-memory.dmp
                                      Filesize

                                      1.8MB

                                      Download
                                    • memory/940-1-0x00007FFB3CCB3000-0x00007FFB3CCB5000-memory.dmp
                                      Filesize

                                      8KB

                                      Download
                                    • memory/940-0-0x00000280EF3F0000-0x00000280EF408000-memory.dmp
                                      Filesize

                                      96KB

                                      Download
                                    • memory/2412-103-0x00007FFB49AD0000-0x00007FFB49AE7000-memory.dmp
                                      Filesize

                                      92KB

                                      Download
                                    • memory/2412-104-0x00007FFB42FD0000-0x00007FFB42FE1000-memory.dmp
                                      Filesize

                                      68KB

                                      Download
                                    • memory/2412-101-0x00007FFB318E0000-0x00007FFB31B96000-memory.dmp
                                      Filesize

                                      2.7MB

                                      Download
                                    • memory/2412-102-0x00007FFB4B130000-0x00007FFB4B148000-memory.dmp
                                      Filesize

                                      96KB

                                      Download
                                    • memory/2412-99-0x00007FF6A1400000-0x00007FF6A14F8000-memory.dmp
                                      Filesize

                                      992KB

                                      Download
                                    • memory/2412-100-0x00007FFB39060000-0x00007FFB39094000-memory.dmp
                                      Filesize

                                      208KB

                                      Download
                                    • memory/2500-82-0x00007FFB49AD0000-0x00007FFB49AE7000-memory.dmp
                                      Filesize

                                      92KB

                                      Download
                                    • memory/2500-81-0x00007FFB4B130000-0x00007FFB4B148000-memory.dmp
                                      Filesize

                                      96KB

                                      Download
                                    • memory/2500-78-0x00007FF6A1400000-0x00007FF6A14F8000-memory.dmp
                                      Filesize

                                      992KB

                                      Download
                                    • memory/2500-80-0x00007FFB318E0000-0x00007FFB31B96000-memory.dmp
                                      Filesize

                                      2.7MB

                                      Download
                                    • memory/2500-83-0x00007FFB42FD0000-0x00007FFB42FE1000-memory.dmp
                                      Filesize

                                      68KB

                                      Download
                                    • memory/2500-79-0x00007FFB39060000-0x00007FFB39094000-memory.dmp
                                      Filesize

                                      208KB

                                      Download
                                    • memory/2720-113-0x00007FFB318E0000-0x00007FFB31B96000-memory.dmp
                                      Filesize

                                      2.7MB

                                      Download
                                    • memory/2720-112-0x00007FFB39060000-0x00007FFB39094000-memory.dmp
                                      Filesize

                                      208KB

                                      Download
                                    • memory/2720-121-0x00007FFB316D0000-0x00007FFB318DB000-memory.dmp
                                      Filesize

                                      2.0MB

                                      Download
                                    • memory/2720-117-0x00007FFB3DB30000-0x00007FFB3DB47000-memory.dmp
                                      Filesize

                                      92KB

                                      Download
                                    • memory/2720-119-0x00007FFB37810000-0x00007FFB3782D000-memory.dmp
                                      Filesize

                                      116KB

                                      Download
                                    • memory/2720-118-0x00007FFB38D90000-0x00007FFB38DA1000-memory.dmp
                                      Filesize

                                      68KB

                                      Download
                                    • memory/2720-116-0x00007FFB42FD0000-0x00007FFB42FE1000-memory.dmp
                                      Filesize

                                      68KB

                                      Download
                                    • memory/2720-115-0x00007FFB49AD0000-0x00007FFB49AE7000-memory.dmp
                                      Filesize

                                      92KB

                                      Download
                                    • memory/2720-114-0x00007FFB4B130000-0x00007FFB4B148000-memory.dmp
                                      Filesize

                                      96KB

                                      Download
                                    • memory/2720-120-0x00007FFB377F0000-0x00007FFB37801000-memory.dmp
                                      Filesize

                                      68KB

                                      Download
                                    • memory/2720-111-0x00007FF6A1400000-0x00007FF6A14F8000-memory.dmp
                                      Filesize

                                      992KB

                                      Download
                                    • memory/2720-128-0x00007FFB36900000-0x00007FFB36911000-memory.dmp
                                      Filesize

                                      68KB

                                      Download
                                    • memory/2720-127-0x00007FFB36E40000-0x00007FFB36E51000-memory.dmp
                                      Filesize

                                      68KB

                                      Download
                                    • memory/2720-126-0x00007FFB36E60000-0x00007FFB36E71000-memory.dmp
                                      Filesize

                                      68KB

                                      Download
                                    • memory/2720-125-0x00007FFB377D0000-0x00007FFB377E8000-memory.dmp
                                      Filesize

                                      96KB

                                      Download
                                    • memory/2720-124-0x00007FFB375D0000-0x00007FFB375F1000-memory.dmp
                                      Filesize

                                      132KB

                                      Download
                                    • memory/2720-122-0x00007FFB2F420000-0x00007FFB304D0000-memory.dmp
                                      Filesize

                                      16.7MB

                                      Download
                                    • memory/2720-123-0x00007FFB37170000-0x00007FFB371B1000-memory.dmp
                                      Filesize

                                      260KB

                                      Download
                                    • memory/2720-142-0x00007FFB318E0000-0x00007FFB31B96000-memory.dmp
                                      Filesize

                                      2.7MB

                                      Download
                                    • memory/2720-151-0x00007FFB2F420000-0x00007FFB304D0000-memory.dmp
                                      Filesize

                                      16.7MB

                                      Download