discordrat | 41112af8e2607ffffa2d3251374d36c2acd239e04012f4bd4b86d62b71061886

Resubmissions

13-07-2024 12:03

240713-n8hwzasbme 10

13-07-2024 12:03

13-07-2024 02:14

13-07-2024 02:06

13-07-2024 02:03

Analysis

max time kernel
149s
max time network
146s
platform
windows11-21h2_x64
resource
win11-20240709-en
resource tags

arch:x64arch:x86image:win11-20240709-enlocale:en-usos:windows11-21h2-x64system
submitted
13-07-2024 02:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

7acb83ea4e34507f021eb6d6141a8c9e
SHA1

058ae3035af017e16a1eeae3ca46b4e912420fb8
SHA256

41112af8e2607ffffa2d3251374d36c2acd239e04012f4bd4b86d62b71061886
SHA512

0b71cd12ac99eaa6d97a10386190355852227444c3765ced1bd3e50eeef8ab1c1319911cbf5a954aba1750154fc6356de6be8a9afd72b2b489424de7a8010196
SSDEEP

1536:K2WjO8XeEXF15P7v88wbjNrfxCXhRoKV6+V+3PIC:KZb5PDwbjNrmAE+/IC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
https://discord.com/api/webhooks/1261501911916482582/DWfi1umSb2C2qMgkiBlA3CToo-Okuv-IDp-C5Sr28gd-eBo70-5l1Q0ASNbSY0fxONna
server_id
1261501863644368916

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133653099682833609"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2087971895-212656400-463594913-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
816	chrome.exe
816	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
816	chrome.exe
816	chrome.exe
816	chrome.exe

Suspicious use of AdjustPrivilegeToken 51 IoCs

description	pid	Process
Token: SeDebugPrivilege	3472	Client-built.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe
Token: SeShutdownPrivilege	816	chrome.exe
Token: SeCreatePagefilePrivilege	816	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe
816	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3856	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 816 wrote to memory of 1652	816	chrome.exe	92
PID 816 wrote to memory of 1652	816	chrome.exe	92
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 3056	816	chrome.exe	93
PID 816 wrote to memory of 1860	816	chrome.exe	94
PID 816 wrote to memory of 1860	816	chrome.exe	94
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95
PID 816 wrote to memory of 2156	816	chrome.exe	95

C:\Users\Admin\AppData\Local\Temp\Client-built.exe
"C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3472

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xe4,0x108,0x7ffbf764cc40,0x7ffbf764cc4c,0x7ffbf764cc58
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,800408221549964390,10469678541485201435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2120,i,800408221549964390,10469678541485201435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,800408221549964390,10469678541485201435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=2216 /prefetch:8
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,800408221549964390,10469678541485201435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3136 /prefetch:1
  2⤵
  PID:3360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,800408221549964390,10469678541485201435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4316,i,800408221549964390,10469678541485201435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4596,i,800408221549964390,10469678541485201435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:3276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4760,i,800408221549964390,10469678541485201435,262144 --variations-seed-version=20240709-050124.519000 --mojo-platform-channel-handle=4768 /prefetch:8
  2⤵
  PID:2252

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
1c3586fb9dcba201f60e77cc9ad570a3

SHA1
161469292feddd45cfc22207128e4709feb6f165

SHA256
d679338f3d63b38cdffc6a134ac5f1e226d25daa69d9c739fa2fc16e13d6e6a7

SHA512
4bac02890b45291eeaf047a369d8218c7f5db30723b97bba0701997a87b6ba42b19cb7c19dfb136e80e21fc6047b14897e95496b1ae8334c23376980643dcd47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f2a1a1803d4b4c06a13866a79baefdc5

SHA1
e3aebbb23f5aa01de11f163b6ab47b494e057fb9

SHA256
e58f9064b8e5aa81ac106877da447d289c6bf7afedd69448e3558a11eecdea9c

SHA512
b244e8d975031366684f45d08ce083422e2f7cfc600c88fc7e53faf95174dfb10664ef8c66035a4f98dbe86a199d73b12ca67030011508dc0f2c762c13d60593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
18baf5c083417e3a59d992dd53975c55

SHA1
31b3ce33880b591f6948ff5a9fcb9d1a67df5124

SHA256
bb0503a55e3f8ecf51f592797aa4e3457c234372ad8f3936dda64b6d6f1e9a45

SHA512
a1c273971052fc092ed19aee593160ce834ca8648f1858cd16a298f63132e5edfc681f0d33eb593a5cb295c1ed46209afb9aca503a250192c8dadd27268c56de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ebd2ed9016e7ab9a6fa5909d8ed04346

SHA1
dfc8a5cf3929c892816be352dbe123428b9f3a61

SHA256
b87b8a8ff455240e1cbd7211c580757bb1f01aafe0105ed7785e9c2af456ecec

SHA512
963f983f991ca7a5fae35e5700b22f82d8ef373f57b7bef50d34e879705e031c02e2d167e0b0c6be4a8ba5fe347a7f50d40abf514e9dd27dd0a24b0890901120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
183KB

MD5
805a8aad53fa7b4f62d1bffa48eb4ce1

SHA1
4c514194b9a716140ec44a97cea992a9bf1a1207

SHA256
8f6f106800255c2223b1ea35d78d43c2cf0e848b28e5d5c9d82abf6e27828019

SHA512
e9c83fd88d88e0bf5d41ee26bed9f64b2cf41f20222f7abe811ed615eb37ac6e8b17a143be3681baf7a855439876467685975d2d4f7dffcc7ee63a894f615e27

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
6aeeb0c8a2ef7fbe516d97eb9878852f

SHA1
88e3ccb8d30570986e24ce301236a7d06b03498f

SHA256
d7b36d51575d85d25139a93bedcc7f8a933039b0410ade210080859e0d4866e5

SHA512
7a6b3173517ee204501f173257be64bb4d985a6e4fb79b5aa0b9d090f698f8d9372554b5511e8a6ab579ddd66c2a2ee9ec4cfb956a766c28832d446ff988e0f8

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
b9c541a1c78d57d6db25e744c19b2237

SHA1
743ef763940b63df04bd256207083631ac359625

SHA256
c83b9be4828e2b6f09e5a33ac59419244d4eda9a3fe5f1f58e09f2b3ac3e5de9

SHA512
65057cc83b91f5b0be22e4864ee5da3accd041220dd7e188db07ea788de7f080fc639132f071a371b0c77f7041a3cbe84a51d95b61507fc208fb90ab35e4a58d

Download Submit
memory/3472-3-0x00007FFBFD490000-0x00007FFBFDF52000-memory.dmp

Filesize
10.8MB

Download
memory/3472-12-0x00007FFBFD490000-0x00007FFBFDF52000-memory.dmp

Filesize
10.8MB

Download
memory/3472-4-0x000002D7012B0000-0x000002D7017D8000-memory.dmp

Filesize
5.2MB

Download
memory/3472-0-0x000002D7653B0000-0x000002D7653C8000-memory.dmp

Filesize
96KB

Download
memory/3472-2-0x000002D77FAB0000-0x000002D77FC72000-memory.dmp

Filesize
1.8MB

Download
memory/3472-1-0x00007FFBFD493000-0x00007FFBFD495000-memory.dmp

Filesize
8KB

Download