Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/N...

windows11-21h2-x64

10

Analysis

  • max time kernel
    208s
  • max time network
    209s
  • platform
    windows11-21h2_x64
  • resource
    win11-20240802-en
  • resource tags

    arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    15-08-2024 23:11

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/releases/download/v0.5.8/COMPILED.zip

Score
10/10
asyncratdefaultdiscoveryrat

Malware Config

Extracted

Family

asyncrat

Version

0.5.8

Botnet

Default

C2

127.0.0.1:6606

127.0.0.1:7707

127.0.0.1:8808
Mutex

qP5KflqAARxp

Attributes
  • delay

    3

  • install

    false

  • install_folder

    %AppData%

  • pastebin_config

    https://pastebin.com/raw/s14cUU5G

aes.plain
aes.plain
aes.plain

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

    ratasyncrat
  • Async RAT payload 3 IoCs
    rat
  • Executes dropped EXE 5 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 12 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies registry class 64 IoCs
  • NTFS ADS 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 26 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 4 IoCs
  • Suspicious use of FindShellTrayWindow 22 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/releases/download/v0.5.8/COMPILED.zip"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1732
    • C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp/releases/download/v0.5.8/COMPILED.zip
      2⤵
      • Checks processor information in registry
      • Modifies registry class
      • NTFS ADS
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4480
      • C:\Program Files\Mozilla Firefox\firefox.exe
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1924 -parentBuildID 20240401114208 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d9f31c3-6ffe-4475-894a-c5d2f89a8fb4} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" gpu
        3⤵
          PID:1656
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2352 -parentBuildID 20240401114208 -prefsHandle 2260 -prefMapHandle 2256 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c2557715-bb90-431d-9d3b-4bbfce5d59d7} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" socket
          3⤵
          • Checks processor information in registry
          PID:3992
        • C:\Program Files\Mozilla Firefox\firefox.exe
          "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3032 -childID 1 -isForBrowser -prefsHandle 3044 -prefMapHandle 3152 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5063e8a-f453-46b5-ac87-0af81fbc81c4} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" tab
          3⤵
            PID:3380
          • C:\Program Files\Mozilla Firefox\firefox.exe
            "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3652 -childID 2 -isForBrowser -prefsHandle 3536 -prefMapHandle 3532 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ec50270-d5bf-433d-86df-4cb8a54202fd} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" tab
            3⤵
              PID:1692
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4444 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4436 -prefMapHandle 4432 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0fd2606c-c7a6-4894-9d4e-2c9d9d20e535} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" utility
              3⤵
              • Checks processor information in registry
              PID:480
            • C:\Program Files\Mozilla Firefox\firefox.exe
              "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5428 -childID 3 -isForBrowser -prefsHandle 5420 -prefMapHandle 5416 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6277e010-8e52-4c93-a4d6-c6d4ae5fa390} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" tab
              3⤵
                PID:2864
              • C:\Program Files\Mozilla Firefox\firefox.exe
                "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5552 -childID 4 -isForBrowser -prefsHandle 5560 -prefMapHandle 5568 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f4238645-2e67-4628-8e66-03494ee5f611} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" tab
                3⤵
                  PID:3528
                • C:\Program Files\Mozilla Firefox\firefox.exe
                  "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5728 -childID 5 -isForBrowser -prefsHandle 5736 -prefMapHandle 5740 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 936 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d98de448-fdce-4ea7-9f67-212a9b6889a1} 4480 "\\.\pipe\gecko-crash-server-pipe.4480" tab
                  3⤵
                    PID:3732
              • C:\Windows\System32\rundll32.exe
                C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                1⤵
                  PID:1896
                • C:\Users\Admin\Downloads\AsyncRAT\AsyncRAT.exe
                  "C:\Users\Admin\Downloads\AsyncRAT\AsyncRAT.exe"
                  1⤵
                  • Modifies registry class
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious behavior: GetForegroundWindowSpam
                  • Suspicious use of FindShellTrayWindow
                  • Suspicious use of SendNotifyMessage
                  • Suspicious use of SetWindowsHookEx
                  PID:5116
                • C:\Windows\system32\wbem\WmiApSrv.exe
                  C:\Windows\system32\wbem\WmiApSrv.exe
                  1⤵
                    PID:4996
                  • C:\Users\Admin\Downloads\AsyncRAT\AsyncClient.exe
                    "C:\Users\Admin\Downloads\AsyncRAT\AsyncClient.exe"
                    1⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1168
                  • C:\Users\Admin\Downloads\AsyncClient.exe
                    "C:\Users\Admin\Downloads\AsyncClient.exe"
                    1⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    PID:4656
                  • C:\Users\Admin\Downloads\AsyncClient.exe
                    "C:\Users\Admin\Downloads\AsyncClient.exe"
                    1⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    PID:2144
                  • C:\Users\Admin\Documents\AsyncClient.exe
                    "C:\Users\Admin\Documents\AsyncClient.exe"
                    1⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    PID:792
                  • C:\Users\Admin\Documents\AsyncClient.exe
                    "C:\Users\Admin\Documents\AsyncClient.exe"
                    1⤵
                    • Executes dropped EXE
                    • System Location Discovery: System Language Discovery
                    PID:3668

                  Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AsyncClient.exe.log
                    Filesize

                    425B

                    MD5

                    bb27934be8860266d478c13f2d65f45e

                    SHA1

                    a69a0e171864dcac9ade1b04fc0313e6b4024ccb

                    SHA256

                    85ad0d9909461517acf2e24ff116ca350e9b7000b4eefb23aa3647423c9745b4

                    SHA512

                    87dd77feac509a25b30c76c119752cc25020cca9c53276c2082aef2a8c75670ef67e1e70024a63d44ae442b64f4bc464aee6691e80c525376bb7421929cfa3bb

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\seoxtri5.default-release\activity-stream.discovery_stream.json
                    Filesize

                    21KB

                    MD5

                    71bcf33aa365204f1792f8894887efc0

                    SHA1

                    6441de4f526fc7e35b5aaa698b9b3db4ef030254

                    SHA256

                    41921c340be45934e81c1c80b636a0784e3a6311099e77c197b8ffc7756416fb

                    SHA512

                    6beea316bad828401f47afd6dfc056f7fb2fcb9e7ac902f531eb3ef6b5afb40a1133775da9c4a87f95e886803a99a709755ac9dacc93fe8fff2d4b535ddd72de

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Server\AsyncRAT.exe_Url_fx151tyrsczyirmdylsbsn0fle1ziltc\0.5.8.0\user.config
                    Filesize

                    319B

                    MD5

                    f71f55112253acc1ef2ecd0a61935970

                    SHA1

                    faa9d50656e386e460278d31b1d9247fdd947bb7

                    SHA256

                    d1ad588a08c8c0799d7a14509f1e0a7ae04c519102ed9d328a83fe65999e6179

                    SHA512

                    761b5c13e39bd4ae21d298084bbe747ae71c383fedf9a51fd5e9723a8b3b4547de459d82bac7f3f8f3bfc11cfb0528a4f1057b51996d7d046583109a53317b44

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Server\AsyncRAT.exe_Url_fx151tyrsczyirmdylsbsn0fle1ziltc\0.5.8.0\user.config
                    Filesize

                    565B

                    MD5

                    d8a65337566e3f0b7eccbe915604b364

                    SHA1

                    e67981c880ab5cdb7ec35f093bf29f73b7af4394

                    SHA256

                    dbb7af9f1816bb8b5969490bee7839db8110ebca5f8a6188f3ddd4c6bdae7c81

                    SHA512

                    dabddd6d743bb023c9d3dae4744e013bc6183f222d63a1f25f7a1e6c34b84a9fab52db8a6641f5125bc69d770f752fa57c41da435f8c22cfa293d1dedbc1820b

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-661032028-162657920-1226909816-1000\314b778029d845dd0656f4c320392ddf_397a1569-0be2-47f2-b50f-ef09823a05f8
                    Filesize

                    3KB

                    MD5

                    be4d885c18c505f89ec44b6eff95814c

                    SHA1

                    87ceb77dda32e92a8336e77913627d866b8aa0c3

                    SHA256

                    d57a30cd4ab6877a0bc25e9146040cf6b48517b0660cfa0ca5e370198b8d04ce

                    SHA512

                    2a8e69ad2e3c33bb38e301f6709f6cadc486130ffecfeab0808257c578adce9e2f1d7bad61593a40a3a35b2e7d508733310280ca535edb0288584f6a3d5f7be8

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp
                    Filesize

                    5KB

                    MD5

                    ca1cee05ef45a84b257dd1a0d813d0d4

                    SHA1

                    99370e2e5e762184047856f9931e3567438d0c57

                    SHA256

                    1fd5c311837f2e269feb64a5ce1e7cb5c278a1ad671a1c31543295d4d9427572

                    SHA512

                    700fefc62a9c2ca25f6c80bab02aeee90c3730477c00ab4bffd3e4472e62ea392c95d47943f8e0c698e08771743b9e349c5dd8ca2f7d54f74ab76a7f84c846bd

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\4db2926e-bee5-45cb-b624-73c5a42e8c4b
                    Filesize

                    982B

                    MD5

                    12a8ff64a44ff533f878e27dd027cc59

                    SHA1

                    c1367c49b44af87182386288ae12f03bb2796302

                    SHA256

                    e7cf8b98c8546e36699e6a9a40f9f856377d38f0659b6b183432ad6e87e74968

                    SHA512

                    526f2b5e44416251befee877520275c7954b4479c5f313df5b8c562d2e7760d94359424917cc3e2d36e74110a0e4cb3fa12751a23d70d240d85effd9733dc22d

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\634d7939-68f6-484b-a9c6-aaa74b37ac6d
                    Filesize

                    671B

                    MD5

                    5285d5645fce6115c54d6cb7811d9dff

                    SHA1

                    753f97777aa27beb5cb2600034b86b07406d2926

                    SHA256

                    2f7da510e4efc227bd338b83877843d1cff971b59f7fcc9acccff423aa7eba37

                    SHA512

                    3b7775da61ef4ac11006a7539dcd7a9af30fd71ad7605a57a4ffa7795a8c91cd8ba0db671903638bdfdcf691044bf6410fd017b7970d280af0bf34bc0bfaafbe

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\d68b1d12-5d0b-4088-ac1a-4f0914def4a4
                    Filesize

                    26KB

                    MD5

                    feeff2fef12dc502bf5362a06a9ba87d

                    SHA1

                    5231ed497ad1dd6be68a20f680e1d0fddb97b40e

                    SHA256

                    7ab3703b6684071669cfa1eb2f8a1dad5e7f177a3609b632b78c0e4e50beae75

                    SHA512

                    933216154fa619f53b45035d5230cdb8d41c5f2059a9babf291dbb8f2524dca093a1a21df5be78ceb65d5f77bc62796c406f15f663e710b54ddba83952047bf2

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs-1.js
                    Filesize

                    10KB

                    MD5

                    021444d813d5f0a140843ac675312030

                    SHA1

                    eeb245d1e32a7cb093d459709a370159c6cd4f52

                    SHA256

                    2e2ca2eca449a790a8c2070593777fd5c79164ef22216352afe2eb0b7964a825

                    SHA512

                    b8af476c48a975fad1e87db4ba33e1cb78f9cd2e8e277f33f67a657600ae8331a8b52c286befcf8c392c9a0a78199f5eaf7b317d1d3022f1afce57252f594c0e

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs.js
                    Filesize

                    10KB

                    MD5

                    333a13fdd692cd38db7c21842940059b

                    SHA1

                    4d41e32524aa3527780a5643465253f83a6bf68d

                    SHA256

                    0dd2f5f97dded0ff1ceb185bc7c8c114c59f8ae6dc7c9c1a0ee66aa77f3144c7

                    SHA512

                    6936629b75e753d3d6a7d2b5ad5590b8b145365a8875aca85c22e85550590f29e1bb56bb8297febe85a68a53b609dac614bec25b2eaa23ebdc7fe8891d8631bf

                    Download Submit

                  • C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\sessionCheckpoints.json.tmp
                    Filesize

                    288B

                    MD5

                    362985746d24dbb2b166089f30cd1bb7

                    SHA1

                    6520fc33381879a120165ede6a0f8aadf9013d3b

                    SHA256

                    b779351c8c6b04cf1d260c5e76fb4ecf4b74454cc6215a43ea15a223bf5bdd7e

                    SHA512

                    0e85cd132c895b3bffce653aeac0b5645e9d1200eb21e23f4e574b079821a44514c1d4b036d29a7d2ea500065c7131aef81cfc38ff1750dbb0e8e0c57fdc2a61

                    Download Submit

                  • C:\Users\Admin\Documents\AsyncClient.exe
                    Filesize

                    45KB

                    MD5

                    e43a0925f08f183fcbefd2c5829f3cef

                    SHA1

                    ef6b529060b509c0259f17caa92c83b9e17373e8

                    SHA256

                    d1a196d9cea170d6f070879756e5ecd7757900297edae2550265b45cda134cfc

                    SHA512

                    de58bca3479d8a9956036e117fe1d2363effc9b38e720977ab3a88a8bb48f645eac23529e869b949ea6f1dfeb323688534fcd8d233119e01e948b59c587dfd6b

                    Download Submit

                  • C:\Users\Admin\Downloads\AsyncClient.exe
                    Filesize

                    45KB

                    MD5

                    d5964cf41b7e7940e860dac2c9f37b05

                    SHA1

                    71d5a41d768fed1cc4e2b8d8446a2ba2637b2446

                    SHA256

                    3d27dda46e3d4a5807e13f28b24e9dbb90cba2d167f3097aa1d9ccda6dcd430c

                    SHA512

                    fabd627d80255588d78977f52086157f64ae9464dabc544fa7c77b3dfee526dea8643f4fb118842a8719feccbe56748a82b4a275b8f8dc859b5c7d30dd199257

                    Download Submit

                  • C:\Users\Admin\Downloads\AsyncRAT\AsyncClient.exe
                    Filesize

                    47KB

                    MD5

                    28821249cd529a7f7d004700595fab2f

                    SHA1

                    d91b63368908b50a1adef91e4490a6b776223773

                    SHA256

                    1c8f8adba7d32ef63cda70e0adc58ad30c9244e0c18c61e1f9a30fef4390d946

                    SHA512

                    23f1cf62731d6a1e9674872364b338ba26febdc91de5f7817c726d17329703918ccf118ae5c327e707334fc59363b0a60b8875d47e30f6246a97938433a424bb

                    Download Submit

                  • C:\Users\Admin\Downloads\AsyncRAT\ServerCertificate.p12
                    Filesize

                    4KB

                    MD5

                    635cc52574a24df86285dad3f8459645

                    SHA1

                    d9713672144092bd5578386c8042e9ec0ef3c381

                    SHA256

                    c08efdc7916059dc0bfc27af74803b86fb51606e7aac3dddac6733ecd7c225d1

                    SHA512

                    90821d675b6e017e7ce9742cc41222f47431270e7bc01edc034fc3a5e725d13c257bfd33dbeb9d8fc69cb1f0b46f99ae0325187ca3e5df80f51a4b06b6b27964

                    Download Submit

                  • C:\Users\Admin\Downloads\COMPILED.6GeCnH-w.zip.part
                    Filesize

                    6.9MB

                    MD5

                    30b1961a9b56972841a3806e716531d7

                    SHA1

                    63c6880d936a60fefc43a51715036c93265a4ae5

                    SHA256

                    0b29711ec115c27f4cd6963b9ea1e4febf15624f1c17d1c018611ee3df8c333c

                    SHA512

                    9449065743226bd15699e710b2bab2a5bb44866f2d9a8bd1b3529b7c53d68e5ecba935e36406d1b69e1fb050f50e3321ef91bc61faac9790f6209fec6f930ed0

                    Download Submit

                  • memory/792-527-0x0000000000BE0000-0x0000000000BF2000-memory.dmp

                    Filesize

                    72KB

                    Download

                  • memory/1168-437-0x00000000004B0000-0x00000000004C2000-memory.dmp

                    Filesize

                    72KB

                    Download

                  • memory/4656-458-0x0000000000C50000-0x0000000000C62000-memory.dmp

                    Filesize

                    72KB

                    Download

                  • memory/5116-318-0x000001BA8F660000-0x000001BA8FCCA000-memory.dmp

                    Filesize

                    6.4MB

                    Download

                  • memory/5116-380-0x00007FF9E5370000-0x00007FF9E5E32000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/5116-401-0x00007FF9E5370000-0x00007FF9E5E32000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/5116-402-0x00007FF9E5370000-0x00007FF9E5E32000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/5116-405-0x000001BAAEF10000-0x000001BAAF036000-memory.dmp

                    Filesize

                    1.1MB

                    Download

                  • memory/5116-335-0x000001BAAD2F0000-0x000001BAAD570000-memory.dmp

                    Filesize

                    2.5MB

                    Download

                  • memory/5116-334-0x000001BAAA6F0000-0x000001BAAA702000-memory.dmp

                    Filesize

                    72KB

                    Download

                  • memory/5116-333-0x00007FF9E5370000-0x00007FF9E5E32000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/5116-332-0x00007FF9E5373000-0x00007FF9E5375000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/5116-331-0x00007FF9E5370000-0x00007FF9E5E32000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/5116-330-0x00007FF9E5370000-0x00007FF9E5E32000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/5116-329-0x000001BAACD20000-0x000001BAACD2A000-memory.dmp

                    Filesize

                    40KB

                    Download

                  • memory/5116-328-0x00007FF9E5370000-0x00007FF9E5E32000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/5116-321-0x00007FF9E5370000-0x00007FF9E5E32000-memory.dmp

                    Filesize

                    10.8MB

                    Download

                  • memory/5116-320-0x000001BAAA1C0000-0x000001BAAA412000-memory.dmp

                    Filesize

                    2.3MB

                    Download

                  • memory/5116-317-0x00007FF9E5373000-0x00007FF9E5375000-memory.dmp

                    Filesize

                    8KB

                    Download