Overview

overview

10

Static

static

10

Client-built.exe

windows10-2004-x64

Analysis

  • max time kernel
    139s
  • max time network
    140s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    07-09-2024 23:11

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    11af10640463e381040c97f7453db3b5

  • SHA1

    f84ff02901fbeda22ad6d941819d5aed193f37da

  • SHA256

    a426b40512f00b3a895a1a9a7105aff8aaf9a065b63675f03bc9f3dad3b50852

  • SHA512

    27b91211f1788d3056c898d9073bcb15ee6a45d4e8a9add09349cb558b7068677f0c3bec89dce65226404e1a475c4052bb8372e87f3eacbfb7f2858e3fa04ce2

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+WPIC:5Zv5PDwbjNrmAE+SIC

Score
10/10
discordratdefense_evasionpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTI4MjEwOTQ5MDA4MjM1MzIyMw.GDmglk.P078HPfpQ_76MinLMBVkHQNQK2S6Yx6gekSNs8

  • server_id

    1282109732055683246

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Downloads MZ/PE file
  • Indicator Removal: Clear Windows Event Logs 1 TTPs 2 IoCs

    Clear Windows Event Logs to hide the activity of an intrusion.

    defense_evasion
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of UnmapMainImage 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:608
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:64
      • C:\Windows\System32\dllhost.exe
        C:\Windows\System32\dllhost.exe /Processid:{e8f33f15-0960-440b-83a5-05771648d155}
        2⤵
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4432
    • C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsass.exe
      1⤵
        PID:672
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
        1⤵
          PID:948
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
          1⤵
            PID:508
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
            1⤵
              PID:604
            • C:\Windows\System32\svchost.exe
              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
              1⤵
                PID:1084
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                1⤵
                  PID:1112
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                  1⤵
                    PID:1144
                    • C:\Windows\system32\taskhostw.exe
                      taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
                      2⤵
                        PID:2636
                    • C:\Windows\System32\svchost.exe
                      C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                      1⤵
                      • Indicator Removal: Clear Windows Event Logs
                      PID:1164
                    • C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                      1⤵
                        PID:1256
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                        1⤵
                          PID:1312
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                          1⤵
                            PID:1344
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                            1⤵
                              PID:1384
                              • C:\Windows\system32\sihost.exe
                                sihost.exe
                                2⤵
                                  PID:2480
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                1⤵
                                  PID:1524
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                  1⤵
                                    PID:1532
                                  • C:\Windows\System32\svchost.exe
                                    C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                    1⤵
                                      PID:1544
                                    • C:\Windows\system32\svchost.exe
                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                      1⤵
                                        PID:1632
                                      • C:\Windows\System32\svchost.exe
                                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                        1⤵
                                          PID:1676
                                        • C:\Windows\System32\svchost.exe
                                          C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
                                          1⤵
                                            PID:1704
                                          • C:\Windows\System32\svchost.exe
                                            C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                            1⤵
                                              PID:1784
                                            • C:\Windows\System32\svchost.exe
                                              C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
                                              1⤵
                                                PID:1800
                                              • C:\Windows\system32\svchost.exe
                                                C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
                                                1⤵
                                                  PID:1904
                                                • C:\Windows\System32\svchost.exe
                                                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                  1⤵
                                                    PID:1916
                                                  • C:\Windows\system32\svchost.exe
                                                    C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                                    1⤵
                                                      PID:1924
                                                    • C:\Windows\System32\svchost.exe
                                                      C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                      1⤵
                                                        PID:2008
                                                      • C:\Windows\system32\svchost.exe
                                                        C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                                                        1⤵
                                                          PID:2084
                                                        • C:\Windows\System32\spoolsv.exe
                                                          C:\Windows\System32\spoolsv.exe
                                                          1⤵
                                                            PID:2092
                                                          • C:\Windows\System32\svchost.exe
                                                            C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                                                            1⤵
                                                              PID:2244
                                                            • C:\Windows\System32\svchost.exe
                                                              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                              1⤵
                                                                PID:2252
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                1⤵
                                                                  PID:2500
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
                                                                  1⤵
                                                                    PID:2628
                                                                  • C:\Windows\system32\svchost.exe
                                                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                                    1⤵
                                                                      PID:2648
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                                      1⤵
                                                                        PID:2692
                                                                      • C:\Windows\system32\svchost.exe
                                                                        C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
                                                                        1⤵
                                                                          PID:2840
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                          1⤵
                                                                            PID:2896
                                                                          • C:\Windows\sysmon.exe
                                                                            C:\Windows\sysmon.exe
                                                                            1⤵
                                                                              PID:2916
                                                                            • C:\Windows\System32\svchost.exe
                                                                              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                                                                              1⤵
                                                                                PID:2924
                                                                              • C:\Windows\system32\svchost.exe
                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                                1⤵
                                                                                  PID:2932
                                                                                • C:\Windows\system32\wbem\unsecapp.exe
                                                                                  C:\Windows\system32\wbem\unsecapp.exe -Embedding
                                                                                  1⤵
                                                                                    PID:3144
                                                                                  • C:\Windows\system32\svchost.exe
                                                                                    C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                    1⤵
                                                                                      PID:3428
                                                                                    • C:\Windows\Explorer.EXE
                                                                                      C:\Windows\Explorer.EXE
                                                                                      1⤵
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      • Suspicious use of UnmapMainImage
                                                                                      PID:3592
                                                                                      • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
                                                                                        "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
                                                                                        2⤵
                                                                                        • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                                                        • Suspicious use of SetThreadContext
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        • Suspicious use of WriteProcessMemory
                                                                                        PID:448
                                                                                      • C:\Windows\system32\taskmgr.exe
                                                                                        "C:\Windows\system32\taskmgr.exe" /4
                                                                                        2⤵
                                                                                        • Checks SCSI registry key(s)
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        • Suspicious use of FindShellTrayWindow
                                                                                        • Suspicious use of SendNotifyMessage
                                                                                        PID:2412
                                                                                    • C:\Windows\system32\svchost.exe
                                                                                      C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                                      1⤵
                                                                                        PID:3684
                                                                                      • C:\Windows\system32\DllHost.exe
                                                                                        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                        1⤵
                                                                                          PID:3896
                                                                                        • C:\Windows\System32\RuntimeBroker.exe
                                                                                          C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                          1⤵
                                                                                            PID:4072
                                                                                          • C:\Windows\System32\RuntimeBroker.exe
                                                                                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                            1⤵
                                                                                              PID:8
                                                                                            • C:\Windows\system32\svchost.exe
                                                                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                              1⤵
                                                                                                PID:2620
                                                                                              • C:\Windows\System32\svchost.exe
                                                                                                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                1⤵
                                                                                                  PID:4848
                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
                                                                                                  1⤵
                                                                                                    PID:4732
                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                                                                                    1⤵
                                                                                                      PID:2656
                                                                                                    • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                                                      "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                                                      1⤵
                                                                                                        PID:1860
                                                                                                      • C:\Windows\system32\SppExtComObj.exe
                                                                                                        C:\Windows\system32\SppExtComObj.exe -Embedding
                                                                                                        1⤵
                                                                                                          PID:624
                                                                                                        • C:\Windows\System32\svchost.exe
                                                                                                          C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                          1⤵
                                                                                                            PID:2304
                                                                                                          • C:\Windows\system32\DllHost.exe
                                                                                                            C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                            1⤵
                                                                                                              PID:3980
                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                              C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                              1⤵
                                                                                                                PID:4932
                                                                                                              • C:\Windows\System32\RuntimeBroker.exe
                                                                                                                C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                                1⤵
                                                                                                                  PID:2776
                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
                                                                                                                  1⤵
                                                                                                                    PID:5004
                                                                                                                  • C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                    C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                    1⤵
                                                                                                                      PID:4588
                                                                                                                    • C:\Windows\system32\svchost.exe
                                                                                                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
                                                                                                                      1⤵
                                                                                                                        PID:4940
                                                                                                                      • C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
                                                                                                                        C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
                                                                                                                        1⤵
                                                                                                                          PID:2792

                                                                                                                        Network

                                                                                                                        MITRE ATT&CK Enterprise v15

                                                                                                                        Replay Monitor

                                                                                                                        Loading Replay Monitor...

                                                                                                                        Downloads

                                                                                                                        • memory/64-40-0x0000029F07290000-0x0000029F072BA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/64-41-0x00007FFD6A130000-0x00007FFD6A140000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                          Download

                                                                                                                        • memory/448-18-0x00007FFD8BFE3000-0x00007FFD8BFE5000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          Download

                                                                                                                        • memory/448-1-0x0000028F0AED0000-0x0000028F0AEE8000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          96KB

                                                                                                                          Download

                                                                                                                        • memory/448-4-0x0000028F25D70000-0x0000028F26298000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          5.2MB

                                                                                                                          Download

                                                                                                                        • memory/448-22-0x00007FFDAA0B0000-0x00007FFDAA2A5000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          2.0MB

                                                                                                                          Download

                                                                                                                        • memory/448-23-0x00007FFDA9100000-0x00007FFDA91BE000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          760KB

                                                                                                                          Download

                                                                                                                        • memory/448-21-0x0000028F25740000-0x0000028F2577E000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          248KB

                                                                                                                          Download

                                                                                                                        • memory/448-19-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/448-3-0x00007FFD8BFE0000-0x00007FFD8CAA1000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          10.8MB

                                                                                                                          Download

                                                                                                                        • memory/448-2-0x0000028F25470000-0x0000028F25632000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          1.8MB

                                                                                                                          Download

                                                                                                                        • memory/448-0-0x00007FFD8BFE3000-0x00007FFD8BFE5000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          8KB

                                                                                                                          Download

                                                                                                                        • memory/508-44-0x000001DAEAF70000-0x000001DAEAF9A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/508-45-0x00007FFD6A130000-0x00007FFD6A140000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                          Download

                                                                                                                        • memory/604-56-0x00007FFD6A130000-0x00007FFD6A140000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                          Download

                                                                                                                        • memory/604-55-0x0000021519C60000-0x0000021519C8A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/608-32-0x00007FFD6A130000-0x00007FFD6A140000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                          Download

                                                                                                                        • memory/608-31-0x000001DBE4F80000-0x000001DBE4FAA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/608-30-0x000001DBE4F50000-0x000001DBE4F73000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          140KB

                                                                                                                          Download

                                                                                                                        • memory/672-36-0x00007FFD6A130000-0x00007FFD6A140000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                          Download

                                                                                                                        • memory/672-35-0x0000015687BD0000-0x0000015687BFA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/948-47-0x000001E424410000-0x000001E42443A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/948-48-0x00007FFD6A130000-0x00007FFD6A140000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                          Download

                                                                                                                        • memory/1084-59-0x00007FFD6A130000-0x00007FFD6A140000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                          Download

                                                                                                                        • memory/1084-58-0x0000023FDED30000-0x0000023FDED5A000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/1112-61-0x0000021DB49D0000-0x0000021DB49FA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/1112-62-0x00007FFD6A130000-0x00007FFD6A140000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                          Download

                                                                                                                        • memory/1256-65-0x000001A0FA3A0000-0x000001A0FA3CA000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          168KB

                                                                                                                          Download

                                                                                                                        • memory/1256-66-0x00007FFD6A130000-0x00007FFD6A140000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          64KB

                                                                                                                          Download

                                                                                                                        • memory/2412-16-0x00000296E4F30000-0x00000296E4F31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2412-11-0x00000296E4F30000-0x00000296E4F31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2412-5-0x00000296E4F30000-0x00000296E4F31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2412-7-0x00000296E4F30000-0x00000296E4F31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2412-6-0x00000296E4F30000-0x00000296E4F31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2412-12-0x00000296E4F30000-0x00000296E4F31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2412-13-0x00000296E4F30000-0x00000296E4F31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2412-14-0x00000296E4F30000-0x00000296E4F31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2412-15-0x00000296E4F30000-0x00000296E4F31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/2412-17-0x00000296E4F30000-0x00000296E4F31000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          4KB

                                                                                                                          Download

                                                                                                                        • memory/4432-28-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          256KB

                                                                                                                          Download

                                                                                                                        • memory/4432-24-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          256KB

                                                                                                                          Download

                                                                                                                        • memory/4432-25-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          256KB

                                                                                                                          Download

                                                                                                                        • memory/4432-27-0x00007FFDA9100000-0x00007FFDA91BE000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          760KB

                                                                                                                          Download

                                                                                                                        • memory/4432-26-0x00007FFDAA0B0000-0x00007FFDAA2A5000-memory.dmp

                                                                                                                          Filesize

                                                                                                                          2.0MB

                                                                                                                          Download