discordrat | f573bc888434d747458210081a7a7632e86b945693a541f1548236bcefd6acc6

Analysis

max time kernel
56s
max time network
53s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
08-12-2024 17:21

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Client-built.exe
Size

78KB
MD5

49d6130bca1cf85adb53b34247070629
SHA1

d025ff0a2eeeaf0d303424ceb4ea5e55a26ba7da
SHA256

f573bc888434d747458210081a7a7632e86b945693a541f1548236bcefd6acc6
SHA512

69ba140dcef810d9ac7a4292d09b99b3b4f2da926342a57d325e99d6afb40b65fa6940448728b04d361d4a6f732dc93e18379a7fb9b0329ffe660181bab8ccbb
SSDEEP

1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+NPIC:5Zv5PDwbjNrmAE+dIC

Score

10^/10

discordrat persistence rat rootkit spyware stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMxNTM2NTcwNzU1NDIzMDM0Mw.GYmmuz.RbqSGTZyA_R6BuVC5khwso4CyRiag7ufsPz4c4
server_id
1315365232385986602

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat

Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs

description	pid	Process	procid_target
PID 1128 created 596	1128	Client-built.exe	5

Downloads MZ/PE file
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Legitimate hosting services abused for malware hosting/C2 1 TTPs 17 IoCs

Web Service

T1102

flow	ioc
20	discord.com
29	discord.com
35	discord.com
54	raw.githubusercontent.com
10	discord.com
33	raw.githubusercontent.com
34	raw.githubusercontent.com
52	discord.com
53	discord.com
37	discord.com
49	discord.com
50	raw.githubusercontent.com
51	discord.com
55	discord.com
12	discord.com
28	discord.com
48	discord.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1128 set thread context of 2428	1128	Client-built.exe	91

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1128	Client-built.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
1128	Client-built.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
1128	Client-built.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
1128	Client-built.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
1128	Client-built.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
1128	Client-built.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe
2428	dllhost.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	1128	Client-built.exe
Token: 33	3620	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3620	AUDIODG.EXE
Token: SeDebugPrivilege	1128	Client-built.exe
Token: SeDebugPrivilege	2428	dllhost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1128 wrote to memory of 2428	1128	Client-built.exe	91
PID 1128 wrote to memory of 2428	1128	Client-built.exe	91
PID 1128 wrote to memory of 2428	1128	Client-built.exe	91
PID 1128 wrote to memory of 2428	1128	Client-built.exe	91
PID 1128 wrote to memory of 2428	1128	Client-built.exe	91
PID 1128 wrote to memory of 2428	1128	Client-built.exe	91
PID 1128 wrote to memory of 2428	1128	Client-built.exe	91
PID 1128 wrote to memory of 2428	1128	Client-built.exe	91
PID 1128 wrote to memory of 2428	1128	Client-built.exe	91
PID 1128 wrote to memory of 2428	1128	Client-built.exe	91
PID 1128 wrote to memory of 2428	1128	Client-built.exe	91
PID 2428 wrote to memory of 596	2428	dllhost.exe	5
PID 2428 wrote to memory of 672	2428	dllhost.exe	7
PID 2428 wrote to memory of 956	2428	dllhost.exe	12
PID 2428 wrote to memory of 400	2428	dllhost.exe	13
PID 2428 wrote to memory of 728	2428	dllhost.exe	14
PID 2428 wrote to memory of 628	2428	dllhost.exe	15
PID 2428 wrote to memory of 876	2428	dllhost.exe	16
PID 2428 wrote to memory of 920	2428	dllhost.exe	17
PID 2428 wrote to memory of 1044	2428	dllhost.exe	18
PID 2428 wrote to memory of 1148	2428	dllhost.exe	19
PID 2428 wrote to memory of 1252	2428	dllhost.exe	21
PID 2428 wrote to memory of 1260	2428	dllhost.exe	22
PID 2428 wrote to memory of 1368	2428	dllhost.exe	23
PID 2428 wrote to memory of 1456	2428	dllhost.exe	24
PID 2428 wrote to memory of 1480	2428	dllhost.exe	25
PID 2428 wrote to memory of 1504	2428	dllhost.exe	26
PID 2428 wrote to memory of 1564	2428	dllhost.exe	27
PID 2428 wrote to memory of 1572	2428	dllhost.exe	28
PID 2428 wrote to memory of 1640	2428	dllhost.exe	29
PID 2428 wrote to memory of 1724	2428	dllhost.exe	30
PID 2428 wrote to memory of 1784	2428	dllhost.exe	31
PID 2428 wrote to memory of 1828	2428	dllhost.exe	32
PID 2428 wrote to memory of 1972	2428	dllhost.exe	33
PID 2428 wrote to memory of 1992	2428	dllhost.exe	34
PID 2428 wrote to memory of 2004	2428	dllhost.exe	35
PID 2428 wrote to memory of 2020	2428	dllhost.exe	36
PID 2428 wrote to memory of 2068	2428	dllhost.exe	37
PID 2428 wrote to memory of 2108	2428	dllhost.exe	38
PID 2428 wrote to memory of 2184	2428	dllhost.exe	39
PID 2428 wrote to memory of 2308	2428	dllhost.exe	41
PID 2428 wrote to memory of 2408	2428	dllhost.exe	42
PID 2428 wrote to memory of 2416	2428	dllhost.exe	43
PID 2428 wrote to memory of 2536	2428	dllhost.exe	44
PID 2428 wrote to memory of 2556	2428	dllhost.exe	45
PID 2428 wrote to memory of 2584	2428	dllhost.exe	46
PID 2428 wrote to memory of 2604	2428	dllhost.exe	47
PID 2428 wrote to memory of 2612	2428	dllhost.exe	48
PID 2428 wrote to memory of 2684	2428	dllhost.exe	49
PID 2428 wrote to memory of 2912	2428	dllhost.exe	51
PID 2428 wrote to memory of 3216	2428	dllhost.exe	52
PID 2428 wrote to memory of 3236	2428	dllhost.exe	53
PID 2428 wrote to memory of 3292	2428	dllhost.exe	54
PID 2428 wrote to memory of 3356	2428	dllhost.exe	55
PID 2428 wrote to memory of 3480	2428	dllhost.exe	56
PID 2428 wrote to memory of 3580	2428	dllhost.exe	57
PID 2428 wrote to memory of 3688	2428	dllhost.exe	58
PID 2428 wrote to memory of 3984	2428	dllhost.exe	60
PID 2428 wrote to memory of 4116	2428	dllhost.exe	62
PID 2428 wrote to memory of 4388	2428	dllhost.exe	63
PID 2428 wrote to memory of 3800	2428	dllhost.exe	66
PID 2428 wrote to memory of 1288	2428	dllhost.exe	67
PID 2428 wrote to memory of 3080	2428	dllhost.exe	68
PID 2428 wrote to memory of 1764	2428	dllhost.exe	69

C:\Windows\system32\winlogon.exe
winlogon.exe
1⤵
PID:596
- C:\Windows\system32\dwm.exe
  "dwm.exe"
  2⤵
  PID:728
- C:\Windows\System32\dllhost.exe
  C:\Windows\System32\dllhost.exe /Processid:{970a9dd0-931e-4bf4-81a5-9fb27db24d86}
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2428

C:\Windows\system32\lsass.exe
C:\Windows\system32\lsass.exe
1⤵
PID:672

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
1⤵
PID:956

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
1⤵
PID:400

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
1⤵
PID:628

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
1⤵
PID:876

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
1⤵
PID:920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
1⤵
PID:1044

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
1⤵
PID:1148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
1⤵
PID:1252
- C:\Windows\system32\taskhostw.exe
  taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
  2⤵
  PID:3292

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
1⤵
PID:1260

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
1⤵
PID:1368

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
1⤵
PID:1456

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
1⤵
PID:1480

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
1⤵
PID:1504

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
1⤵
PID:1564
- C:\Windows\system32\sihost.exe
  sihost.exe
  2⤵
  PID:3216

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
1⤵
PID:1572

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
1⤵
PID:1640

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
1⤵
PID:1724

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
1⤵
PID:1784

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:1828
- C:\Windows\system32\AUDIODG.EXE
  C:\Windows\system32\AUDIODG.EXE 0x458 0x3b8
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
1⤵
PID:1972

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
1⤵
PID:1992

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:2004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
1⤵
PID:2020

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
1⤵
PID:2068

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
1⤵
PID:2108

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:2184

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
1⤵
PID:2308

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
1⤵
PID:2408

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
1⤵
PID:2416

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
1⤵
PID:2536

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
1⤵
PID:2556

C:\Windows\sysmon.exe
C:\Windows\sysmon.exe
1⤵
PID:2584

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
1⤵
PID:2604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
1⤵
PID:2612

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
1⤵
PID:2684

C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe -Embedding
1⤵
PID:2912

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
1⤵
PID:3236

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
1⤵
PID:3356

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
1⤵
PID:3480

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3580
- C:\Users\Admin\AppData\Local\Temp\Client-built.exe
  "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
  2⤵
  - Suspicious use of NtCreateUserProcessOtherParentProcess
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
1⤵
PID:3688

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:3984

C:\Windows\System32\RuntimeBroker.exe
C:\Windows\System32\RuntimeBroker.exe -Embedding
1⤵
PID:4116

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:4388

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
1⤵
PID:3800

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
1⤵
PID:1288

C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
"C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
1⤵
PID:3080

C:\Windows\system32\SppExtComObj.exe
C:\Windows\system32\SppExtComObj.exe -Embedding
1⤵
PID:1764

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
1⤵
PID:2208

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
1⤵
PID:416

C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
1⤵
PID:756

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:4828

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe" -ServerName:InputApp.AppXk0k6mrh4r2q0ct33a9wgbez0x7v9cz5y.mca
1⤵
PID:4612

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
1⤵
PID:224

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:540

C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\servicing\TrustedInstaller.exe
1⤵
PID:4424

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
1⤵
PID:1196

C:\Windows\System32\mousocoreworker.exe
C:\Windows\System32\mousocoreworker.exe -Embedding
1⤵
PID:2132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/400-49-0x000002CD5BFD0000-0x000002CD5BFFA000-memory.dmp

Filesize
168KB

Download
memory/400-50-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/400-53-0x000002CD5BFD0000-0x000002CD5BFFA000-memory.dmp

Filesize
168KB

Download
memory/596-36-0x00007FFA6E70D000-0x00007FFA6E70E000-memory.dmp

Filesize
4KB

Download
memory/596-35-0x0000023E8EC20000-0x0000023E8EC4A000-memory.dmp

Filesize
168KB

Download
memory/596-27-0x0000023E8EC20000-0x0000023E8EC4A000-memory.dmp

Filesize
168KB

Download
memory/596-26-0x0000023E8EBF0000-0x0000023E8EC13000-memory.dmp

Filesize
140KB

Download
memory/596-28-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/628-55-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/628-60-0x00000185358C0000-0x00000185358EA000-memory.dmp

Filesize
168KB

Download
memory/628-54-0x00000185358C0000-0x00000185358EA000-memory.dmp

Filesize
168KB

Download
memory/672-37-0x0000020DC80F0000-0x0000020DC811A000-memory.dmp

Filesize
168KB

Download
memory/672-32-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/672-31-0x0000020DC80F0000-0x0000020DC811A000-memory.dmp

Filesize
168KB

Download
memory/728-45-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/728-52-0x000002424DF80000-0x000002424DFAA000-memory.dmp

Filesize
168KB

Download
memory/728-44-0x000002424DF80000-0x000002424DFAA000-memory.dmp

Filesize
168KB

Download
memory/876-57-0x000002312A9D0000-0x000002312A9FA000-memory.dmp

Filesize
168KB

Download
memory/876-58-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/920-66-0x000001CBC7F70000-0x000001CBC7F9A000-memory.dmp

Filesize
168KB

Download
memory/920-67-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/956-41-0x000001A0B2240000-0x000001A0B226A000-memory.dmp

Filesize
168KB

Download
memory/956-39-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/956-38-0x000001A0B2240000-0x000001A0B226A000-memory.dmp

Filesize
168KB

Download
memory/1044-69-0x000001B2C5AB0000-0x000001B2C5ADA000-memory.dmp

Filesize
168KB

Download
memory/1044-70-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/1128-16-0x00007FFA6E670000-0x00007FFA6E868000-memory.dmp

Filesize
2.0MB

Download
memory/1128-0-0x00007FFA50383000-0x00007FFA50385000-memory.dmp

Filesize
8KB

Download
memory/1128-1-0x0000023D89FE0000-0x0000023D89FF8000-memory.dmp

Filesize
96KB

Download
memory/1128-2-0x0000023DA46C0000-0x0000023DA4882000-memory.dmp

Filesize
1.8MB

Download
memory/1128-3-0x00007FFA50380000-0x00007FFA50E42000-memory.dmp

Filesize
10.8MB

Download
memory/1128-4-0x0000023DA4DC0000-0x0000023DA52E8000-memory.dmp

Filesize
5.2MB

Download
memory/1128-5-0x00007FFA50383000-0x00007FFA50385000-memory.dmp

Filesize
8KB

Download
memory/1128-6-0x00007FFA50380000-0x00007FFA50E42000-memory.dmp

Filesize
10.8MB

Download
memory/1128-7-0x0000023DA4890000-0x0000023DA4B5A000-memory.dmp

Filesize
2.8MB

Download
memory/1128-8-0x0000023DA7DD0000-0x0000023DA7E7A000-memory.dmp

Filesize
680KB

Download
memory/1128-12-0x00007FFA50380000-0x00007FFA50E42000-memory.dmp

Filesize
10.8MB

Download
memory/1128-13-0x0000023DA46A0000-0x0000023DA46AE000-memory.dmp

Filesize
56KB

Download
memory/1128-14-0x00007FFA50380000-0x00007FFA50E42000-memory.dmp

Filesize
10.8MB

Download
memory/1128-15-0x0000023DA7E80000-0x0000023DA7EBE000-memory.dmp

Filesize
248KB

Download
memory/1128-17-0x00007FFA6DC90000-0x00007FFA6DD4D000-memory.dmp

Filesize
756KB

Download
memory/1148-73-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/1148-72-0x0000020598F90000-0x0000020598FBA000-memory.dmp

Filesize
168KB

Download
memory/1252-75-0x000001FA9E9D0000-0x000001FA9E9FA000-memory.dmp

Filesize
168KB

Download
memory/1252-76-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/1260-78-0x000001CFAA160000-0x000001CFAA18A000-memory.dmp

Filesize
168KB

Download
memory/1260-79-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/1368-84-0x0000022933F80000-0x0000022933FAA000-memory.dmp

Filesize
168KB

Download
memory/1368-85-0x00007FFA2E6F0000-0x00007FFA2E700000-memory.dmp

Filesize
64KB

Download
memory/1456-87-0x0000018576360000-0x000001857638A000-memory.dmp

Filesize
168KB

Download
memory/2428-20-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/2428-19-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/2428-23-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/2428-21-0x00007FFA6E670000-0x00007FFA6E868000-memory.dmp

Filesize
2.0MB

Download
memory/2428-22-0x00007FFA6DC90000-0x00007FFA6DD4D000-memory.dmp

Filesize
756KB

Download
memory/2428-18-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download