discordrat | e3710ea90501675d0e0115d277cdb1ee5a3ed377d0de81128ccdad5d6c96182f

Resubmissions

04-11-2024 19:53

241104-ymfvlawgnn 10

04-11-2024 18:47

241104-xfb3dswakn 10

Analysis

max time kernel
1768s
max time network
1777s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-11-2024 18:47

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

NixwareCrack.exe
Size

78KB
MD5

376bd2d97cc2ba77cd6da672ba177ed2
SHA1

302ac8e952a6e1c6139cbb68bc7e1d1b3a9b3c7c
SHA256

e3710ea90501675d0e0115d277cdb1ee5a3ed377d0de81128ccdad5d6c96182f
SHA512

d10de99746f1be26c9ee9bc37280f1240e844f185c1f4c5076bcb688bd82af5f61841263d8e5d54f2392a12df42f830458c8106dcd82e4bae204f7a1c1ed5aaf
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+APIC:5Zv5PDwbjNrmAE+kIC

Score

10^/10

discordrat persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMwMjM1NTczNTkyNTEwMDY3NA.GwroMp.ikOfR8hGBRGsTwLXKnVA4_qSIDO9_Syvc6QRrs
server_id
1302358412364873738

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 2232 created 616	2232	NixwareCrack.exe	5

Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
10	discord.com
23	discord.com
79	discord.com
80	discord.com
84	discord.com
11	discord.com
78	discord.com
82	raw.githubusercontent.com
83	raw.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2232 set thread context of 4352	2232	NixwareCrack.exe	124

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad	svchost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2232	NixwareCrack.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
352	wlrmdr.exe
352	wlrmdr.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
2232	NixwareCrack.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
2232	NixwareCrack.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
2232	NixwareCrack.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
2232	NixwareCrack.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
4352	dllhost.exe
2232	NixwareCrack.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	2232	NixwareCrack.exe
Token: SeDebugPrivilege	2232	NixwareCrack.exe
Token: SeDebugPrivilege	4352	dllhost.exe
Token: SeShutdownPrivilege	3440	Explorer.EXE
Token: SeCreatePagefilePrivilege	3440	Explorer.EXE
Token: SeShutdownPrivilege	3440	Explorer.EXE
Token: SeCreatePagefilePrivilege	3440	Explorer.EXE
Token: SeShutdownPrivilege	3440	Explorer.EXE
Token: SeCreatePagefilePrivilege	3440	Explorer.EXE

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
352	wlrmdr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2232 wrote to memory of 4352	2232	NixwareCrack.exe	124
PID 2232 wrote to memory of 4352	2232	NixwareCrack.exe	124
PID 2232 wrote to memory of 4352	2232	NixwareCrack.exe	124
PID 2232 wrote to memory of 4352	2232	NixwareCrack.exe	124
PID 2232 wrote to memory of 4352	2232	NixwareCrack.exe	124
PID 2232 wrote to memory of 4352	2232	NixwareCrack.exe	124
PID 2232 wrote to memory of 4352	2232	NixwareCrack.exe	124
PID 2232 wrote to memory of 4352	2232	NixwareCrack.exe	124
PID 2232 wrote to memory of 4352	2232	NixwareCrack.exe	124
PID 2232 wrote to memory of 4352	2232	NixwareCrack.exe	124
PID 2232 wrote to memory of 4352	2232	NixwareCrack.exe	124
PID 4352 wrote to memory of 616	4352	dllhost.exe	5
PID 4352 wrote to memory of 668	4352	dllhost.exe	7
PID 4352 wrote to memory of 956	4352	dllhost.exe	12
PID 4352 wrote to memory of 60	4352	dllhost.exe	13
PID 668 wrote to memory of 2608	668	lsass.exe	45
PID 4352 wrote to memory of 1036	4352	dllhost.exe	16
PID 4352 wrote to memory of 1104	4352	dllhost.exe	17
PID 4352 wrote to memory of 1112	4352	dllhost.exe	18
PID 4352 wrote to memory of 1164	4352	dllhost.exe	19
PID 4352 wrote to memory of 1176	4352	dllhost.exe	20
PID 4352 wrote to memory of 1256	4352	dllhost.exe	21
PID 668 wrote to memory of 2608	668	lsass.exe	45
PID 4352 wrote to memory of 1312	4352	dllhost.exe	22
PID 668 wrote to memory of 2608	668	lsass.exe	45
PID 4352 wrote to memory of 1344	4352	dllhost.exe	23
PID 4352 wrote to memory of 1408	4352	dllhost.exe	24
PID 4352 wrote to memory of 1436	4352	dllhost.exe	25
PID 4352 wrote to memory of 1572	4352	dllhost.exe	26
PID 4352 wrote to memory of 1584	4352	dllhost.exe	27
PID 4352 wrote to memory of 1668	4352	dllhost.exe	28
PID 4352 wrote to memory of 1700	4352	dllhost.exe	29
PID 4352 wrote to memory of 1736	4352	dllhost.exe	30
PID 4352 wrote to memory of 1796	4352	dllhost.exe	31
PID 4352 wrote to memory of 1800	4352	dllhost.exe	32
PID 4352 wrote to memory of 1904	4352	dllhost.exe	33
PID 4352 wrote to memory of 1912	4352	dllhost.exe	34
PID 4352 wrote to memory of 1964	4352	dllhost.exe	35
PID 4352 wrote to memory of 1972	4352	dllhost.exe	36
PID 4352 wrote to memory of 1468	4352	dllhost.exe	37
PID 4352 wrote to memory of 2132	4352	dllhost.exe	39
PID 4352 wrote to memory of 2244	4352	dllhost.exe	40
PID 4352 wrote to memory of 2260	4352	dllhost.exe	41
PID 4352 wrote to memory of 2372	4352	dllhost.exe	42
PID 4352 wrote to memory of 2380	4352	dllhost.exe	43
PID 4352 wrote to memory of 2548	4352	dllhost.exe	44
PID 4352 wrote to memory of 2608	4352	dllhost.exe	45
PID 4352 wrote to memory of 2620	4352	dllhost.exe	46
PID 4352 wrote to memory of 2644	4352	dllhost.exe	47
PID 4352 wrote to memory of 2660	4352	dllhost.exe	48
PID 4352 wrote to memory of 2880	4352	dllhost.exe	49
PID 4352 wrote to memory of 2888	4352	dllhost.exe	50
PID 4352 wrote to memory of 3008	4352	dllhost.exe	51
PID 4352 wrote to memory of 3016	4352	dllhost.exe	52
PID 4352 wrote to memory of 664	4352	dllhost.exe	54
PID 4352 wrote to memory of 3340	4352	dllhost.exe	55
PID 4352 wrote to memory of 3440	4352	dllhost.exe	56
PID 4352 wrote to memory of 3568	4352	dllhost.exe	57
PID 4352 wrote to memory of 3752	4352	dllhost.exe	58
PID 4352 wrote to memory of 3908	4352	dllhost.exe	60
PID 4352 wrote to memory of 4144	4352	dllhost.exe	62
PID 4352 wrote to memory of 1600	4352	dllhost.exe	65
PID 4352 wrote to memory of 3304	4352	dllhost.exe	67
PID 4352 wrote to memory of 4180	4352	dllhost.exe	68

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:616
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  PID:60
- C:\Windows\System32\dllhost.exe
  C:\Windows\System32\dllhost.exe /Processid:{8b1d4a94-4e22-431a-94b6-0d4d9fb155aa}
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4352
- C:\Windows\system32\wlrmdr.exe
  -s -1 -f 2 -t Your PC will automatically restart in one minute -m Windows ran into a problem and needs to restart. You should close this message now and save your work. -a 3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:352

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
- Suspicious use of WriteProcessMemory
PID:668

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:956

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:1036

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:1104

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1112

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
PID:1164

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1176
- C:\Windows\system32\taskhostw.exe
  taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
  2⤵
  PID:3008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1256

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1312

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1344

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1436
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  PID:2888

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1572

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1584

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
1⤵
PID:1668

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1700

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1736

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
1⤵
PID:1796

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1800

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
1⤵
PID:1904

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:1964

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:1972

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:1468

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2132

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
PID:2244

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2260

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2372

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2380

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
1⤵
PID:2548

C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
1⤵
PID:2608

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2620

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:2644

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:2660

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:2880

C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
1⤵
PID:3016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
1⤵
PID:664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:3340

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3440
- C:\Users\Admin\AppData\Local\Temp\NixwareCrack.exe
  "C:\Users\Admin\AppData\Local\Temp\NixwareCrack.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2232

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3568

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:3752

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3908

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4144

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:1600

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
1⤵
PID:3304

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
- Modifies data under HKEY_USERS
PID:4180

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:3288

C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
1⤵
PID:1676

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:1988

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:3808

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:4576

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
1⤵
PID:2488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/60-33-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/60-38-0x000001E13E5A0000-0x000001E13E5CA000-memory.dmp

Filesize
168KB

Download
memory/60-32-0x000001E13E5A0000-0x000001E13E5CA000-memory.dmp

Filesize
168KB

Download
memory/616-27-0x00007FFC1B2CD000-0x00007FFC1B2CE000-memory.dmp

Filesize
4KB

Download
memory/616-26-0x000001B7A5190000-0x000001B7A51BA000-memory.dmp

Filesize
168KB

Download
memory/616-18-0x000001B7A5160000-0x000001B7A5183000-memory.dmp

Filesize
140KB

Download
memory/616-19-0x000001B7A5190000-0x000001B7A51BA000-memory.dmp

Filesize
168KB

Download
memory/616-20-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/668-24-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/668-23-0x00000219BF460000-0x00000219BF48A000-memory.dmp

Filesize
168KB

Download
memory/668-28-0x00000219BF460000-0x00000219BF48A000-memory.dmp

Filesize
168KB

Download
memory/668-29-0x00007FFC1B2CF000-0x00007FFC1B2D0000-memory.dmp

Filesize
4KB

Download
memory/956-40-0x00007FFC1B2CC000-0x00007FFC1B2CD000-memory.dmp

Filesize
4KB

Download
memory/956-35-0x000001E98E800000-0x000001E98E82A000-memory.dmp

Filesize
168KB

Download
memory/956-36-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/956-270-0x000001E98E800000-0x000001E98E82A000-memory.dmp

Filesize
168KB

Download
memory/956-39-0x000001E98E800000-0x000001E98E82A000-memory.dmp

Filesize
168KB

Download
memory/1036-271-0x000002012A460000-0x000002012A48A000-memory.dmp

Filesize
168KB

Download
memory/1036-42-0x000002012A460000-0x000002012A48A000-memory.dmp

Filesize
168KB

Download
memory/1036-43-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/1036-45-0x000002012A460000-0x000002012A48A000-memory.dmp

Filesize
168KB

Download
memory/1104-272-0x0000017601180000-0x00000176011AA000-memory.dmp

Filesize
168KB

Download
memory/1104-48-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/1104-50-0x0000017601180000-0x00000176011AA000-memory.dmp

Filesize
168KB

Download
memory/1104-47-0x0000017601180000-0x00000176011AA000-memory.dmp

Filesize
168KB

Download
memory/1112-63-0x000001BE52DB0000-0x000001BE52DDA000-memory.dmp

Filesize
168KB

Download
memory/1112-55-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/1112-273-0x000001BE52DB0000-0x000001BE52DDA000-memory.dmp

Filesize
168KB

Download
memory/1112-54-0x000001BE52DB0000-0x000001BE52DDA000-memory.dmp

Filesize
168KB

Download
memory/1164-58-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/1164-57-0x0000019AECED0000-0x0000019AECEFA000-memory.dmp

Filesize
168KB

Download
memory/1176-61-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/1176-60-0x000001CFA7E60000-0x000001CFA7E8A000-memory.dmp

Filesize
168KB

Download
memory/1256-66-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/1256-65-0x0000020BC73B0000-0x0000020BC73DA000-memory.dmp

Filesize
168KB

Download
memory/1312-70-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/1312-69-0x000001F0ED090000-0x000001F0ED0BA000-memory.dmp

Filesize
168KB

Download
memory/1344-73-0x0000014A02FC0000-0x0000014A02FEA000-memory.dmp

Filesize
168KB

Download
memory/1344-74-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/1408-78-0x00007FFBDB2B0000-0x00007FFBDB2C0000-memory.dmp

Filesize
64KB

Download
memory/1408-77-0x000001C64A560000-0x000001C64A58A000-memory.dmp

Filesize
168KB

Download
memory/1436-82-0x00000124780E0000-0x000001247810A000-memory.dmp

Filesize
168KB

Download
memory/2232-1-0x000001FC01490000-0x000001FC014A8000-memory.dmp

Filesize
96KB

Download
memory/2232-0-0x00007FFBFD203000-0x00007FFBFD205000-memory.dmp

Filesize
8KB

Download
memory/2232-7-0x000001FC030D0000-0x000001FC0310E000-memory.dmp

Filesize
248KB

Download
memory/2232-2-0x000001FC1BB10000-0x000001FC1BCD2000-memory.dmp

Filesize
1.8MB

Download
memory/2232-3-0x00007FFBFD200000-0x00007FFBFDCC1000-memory.dmp

Filesize
10.8MB

Download
memory/2232-4-0x000001FC1C310000-0x000001FC1C838000-memory.dmp

Filesize
5.2MB

Download
memory/2232-5-0x00007FFBFD203000-0x00007FFBFD205000-memory.dmp

Filesize
8KB

Download
memory/2232-6-0x00007FFBFD200000-0x00007FFBFDCC1000-memory.dmp

Filesize
10.8MB

Download
memory/2232-9-0x00007FFC1AB70000-0x00007FFC1AC2E000-memory.dmp

Filesize
760KB

Download
memory/2232-8-0x00007FFC1B230000-0x00007FFC1B425000-memory.dmp

Filesize
2.0MB

Download
memory/4352-16-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4352-14-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4352-12-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4352-11-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4352-10-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/4352-15-0x00007FFC1AB70000-0x00007FFC1AC2E000-memory.dmp

Filesize
760KB

Download
memory/4352-13-0x00007FFC1B230000-0x00007FFC1B425000-memory.dmp

Filesize
2.0MB

Download