Overview

overview

10

Static

static

10

barrotes.exe

windows11-21h2-x64

10

Analysis

  • max time kernel
    72s
  • max time network
    51s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
  • submitted
    14-12-2024 14:30

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    barrotes.exe

  • Size

    78KB

  • MD5

    1adab14cec5319868d619041f47cfd76

  • SHA1

    eea3c85e94ee8b7c4473fa51ff97731a7a590d80

  • SHA256

    c9b3fcf43ef4bdae5f28d4469e810fc02e953eb540c593c8ca4bebe54cf43c10

  • SHA512

    af7b95a1cb69d84a0a3b7ab26599c265b8f816ad6eb8d9cf135eff1daa76e77a5372393959a62f08a1002550459fede1662d2774d7ff41d1b5243c93b10623c6

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+6PIC:5Zv5PDwbjNrmAE+mIC

Score
10/10
discordratdefense_evasionpersistenceratrootkitspywarestealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMxNzE1MTMxMDMxMDY3NDQ1Mw.G4vdtT.2Xaw0SLq-8xqoRh1THgonbntua-rEIma7FhcgY

  • server_id

    1317163923350487151

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Indicator Removal: Clear Windows Event Logs 1 TTPs 1 IoCs

    Clear Windows Event Logs to hide the activity of an intrusion.

    defense_evasion
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 16 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 16 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: LoadsDriver 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 33 IoCs
  • Suspicious use of FindShellTrayWindow 7 IoCs
  • Suspicious use of SendNotifyMessage 7 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
    • Modifies data under HKEY_USERS
    • Suspicious use of AdjustPrivilegeToken
    PID:632
    • C:\Windows\system32\dwm.exe
      "dwm.exe"
      2⤵
        PID:476
      • C:\Windows\System32\dllhost.exe
        C:\Windows\System32\dllhost.exe /Processid:{241a5a4b-ee38-47d8-983c-9ac19a9557e8}
        2⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:4716
      • C:\Windows\system32\LogonUI.exe
        "LogonUI.exe" /flags:0x4 /state0:0xa3a7e055 /state1:0x41c64e6d
        2⤵
        • Modifies data under HKEY_USERS
        • Suspicious use of SetWindowsHookEx
        PID:1636
    • C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsass.exe
      1⤵
        PID:692
      • C:\Windows\system32\svchost.exe
        C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
        1⤵
          PID:992
        • C:\Windows\System32\svchost.exe
          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
          1⤵
            PID:760
          • C:\Windows\System32\svchost.exe
            C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
            1⤵
              PID:1036
            • C:\Windows\system32\svchost.exe
              C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
              1⤵
                PID:1048
              • C:\Windows\system32\svchost.exe
                C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
                1⤵
                  PID:1092
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                  1⤵
                    PID:1176
                  • C:\Windows\System32\svchost.exe
                    C:\Windows\System32\svchost.exe -k netprofm -p -s netprofm
                    1⤵
                      PID:1248
                    • C:\Windows\system32\svchost.exe
                      C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                      1⤵
                        PID:1264
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                        1⤵
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1384
                      • C:\Windows\system32\svchost.exe
                        C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                        1⤵
                          PID:1420
                        • C:\Windows\System32\svchost.exe
                          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                          1⤵
                          • Indicator Removal: Clear Windows Event Logs
                          PID:1472
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                          1⤵
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1540
                          • C:\Windows\system32\sihost.exe
                            sihost.exe
                            2⤵
                              PID:2916
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k NetworkService -p
                            1⤵
                              PID:1604
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                              1⤵
                                PID:1640
                              • C:\Windows\System32\svchost.exe
                                C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                1⤵
                                  PID:1656
                                • C:\Windows\system32\svchost.exe
                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                  1⤵
                                    PID:1768
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                    1⤵
                                      PID:1832
                                    • C:\Windows\System32\svchost.exe
                                      C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                      1⤵
                                        PID:1844
                                      • C:\Windows\System32\svchost.exe
                                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                        1⤵
                                          PID:1932
                                        • C:\Windows\System32\svchost.exe
                                          C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                          1⤵
                                            PID:2020
                                          • C:\Windows\system32\svchost.exe
                                            C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p
                                            1⤵
                                              PID:2032
                                            • C:\Windows\system32\svchost.exe
                                              C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                              1⤵
                                                PID:1788
                                              • C:\Windows\System32\svchost.exe
                                                C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                1⤵
                                                  PID:1172
                                                • C:\Windows\System32\spoolsv.exe
                                                  C:\Windows\System32\spoolsv.exe
                                                  1⤵
                                                    PID:2160
                                                  • C:\Windows\System32\svchost.exe
                                                    C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                                                    1⤵
                                                    • Suspicious use of AdjustPrivilegeToken
                                                    PID:2248
                                                  • C:\Windows\System32\svchost.exe
                                                    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                    1⤵
                                                      PID:2392
                                                    • C:\Windows\system32\svchost.exe
                                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                      1⤵
                                                        PID:2488
                                                      • C:\Windows\system32\svchost.exe
                                                        C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                        1⤵
                                                          PID:2496
                                                        • C:\Windows\system32\svchost.exe
                                                          C:\Windows\system32\svchost.exe -k NetworkService -p
                                                          1⤵
                                                            PID:2532
                                                          • C:\Windows\system32\svchost.exe
                                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                            1⤵
                                                              PID:2580
                                                            • C:\Windows\sysmon.exe
                                                              C:\Windows\sysmon.exe
                                                              1⤵
                                                                PID:2624
                                                              • C:\Windows\System32\svchost.exe
                                                                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                                                                1⤵
                                                                  PID:2640
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                                                                  1⤵
                                                                    PID:2676
                                                                  • C:\Windows\system32\svchost.exe
                                                                    C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                    1⤵
                                                                      PID:2684
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                      1⤵
                                                                        PID:2932
                                                                      • C:\Windows\system32\wbem\unsecapp.exe
                                                                        C:\Windows\system32\wbem\unsecapp.exe -Embedding
                                                                        1⤵
                                                                          PID:3096
                                                                        • C:\Windows\Explorer.EXE
                                                                          C:\Windows\Explorer.EXE
                                                                          1⤵
                                                                          • Modifies registry class
                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                          • Suspicious use of FindShellTrayWindow
                                                                          • Suspicious use of SendNotifyMessage
                                                                          • Suspicious use of SetWindowsHookEx
                                                                          PID:3248
                                                                          • C:\Users\Admin\AppData\Local\Temp\barrotes.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\barrotes.exe"
                                                                            2⤵
                                                                            • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                                            • Suspicious use of SetThreadContext
                                                                            • Suspicious behavior: EnumeratesProcesses
                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                            • Suspicious use of WriteProcessMemory
                                                                            PID:3040
                                                                            • C:\Windows\System32\shutdown.exe
                                                                              "C:\Windows\System32\shutdown.exe" /L
                                                                              3⤵
                                                                                PID:1904
                                                                                • C:\Windows\System32\Conhost.exe
                                                                                  \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                  4⤵
                                                                                    PID:2484
                                                                            • C:\Windows\system32\svchost.exe
                                                                              C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                              1⤵
                                                                                PID:3404
                                                                              • C:\Windows\system32\svchost.exe
                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s Appinfo
                                                                                1⤵
                                                                                  PID:3428
                                                                                • C:\Windows\System32\RuntimeBroker.exe
                                                                                  C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                  1⤵
                                                                                    PID:3812
                                                                                  • C:\Windows\System32\RuntimeBroker.exe
                                                                                    C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                    1⤵
                                                                                      PID:3900
                                                                                    • C:\Windows\system32\DllHost.exe
                                                                                      C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                      1⤵
                                                                                        PID:3960
                                                                                      • C:\Windows\system32\svchost.exe
                                                                                        C:\Windows\system32\svchost.exe -k UdkSvcGroup -s UdkUserSvc
                                                                                        1⤵
                                                                                          PID:3992
                                                                                        • C:\Windows\system32\DllHost.exe
                                                                                          C:\Windows\system32\DllHost.exe /Processid:{973D20D7-562D-44B9-B70B-5A0F49CCDF3F}
                                                                                          1⤵
                                                                                            PID:4240
                                                                                          • C:\Windows\system32\svchost.exe
                                                                                            C:\Windows\system32\svchost.exe -k osprivacy -p -s camsvc
                                                                                            1⤵
                                                                                              PID:4388
                                                                                            • C:\Windows\system32\svchost.exe
                                                                                              C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                              1⤵
                                                                                                PID:3852
                                                                                              • C:\Windows\System32\svchost.exe
                                                                                                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                1⤵
                                                                                                  PID:4940
                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                  C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                                                                                  1⤵
                                                                                                    PID:548
                                                                                                  • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                                                    1⤵
                                                                                                      PID:1304
                                                                                                    • C:\Windows\system32\SppExtComObj.exe
                                                                                                      C:\Windows\system32\SppExtComObj.exe -Embedding
                                                                                                      1⤵
                                                                                                        PID:2116
                                                                                                      • C:\Windows\System32\svchost.exe
                                                                                                        C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                        1⤵
                                                                                                          PID:1552
                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                                          1⤵
                                                                                                            PID:2992
                                                                                                          • C:\Windows\system32\DllHost.exe
                                                                                                            C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                            1⤵
                                                                                                              PID:4500
                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                              C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                              1⤵
                                                                                                                PID:3132

                                                                                                              Network

                                                                                                              MITRE ATT&CK Enterprise v15

                                                                                                              Replay Monitor

                                                                                                              Loading Replay Monitor...

                                                                                                              Downloads

                                                                                                              • memory/476-34-0x0000026184180000-0x00000261841AA000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/476-40-0x0000026184180000-0x00000261841AA000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/476-35-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/632-23-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/632-22-0x000002A5DE880000-0x000002A5DE8AA000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/632-29-0x000002A5DE880000-0x000002A5DE8AA000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/632-30-0x00007FFD82364000-0x00007FFD82365000-memory.dmp

                                                                                                                Filesize

                                                                                                                4KB

                                                                                                                Download

                                                                                                              • memory/632-21-0x000002A5DE850000-0x000002A5DE873000-memory.dmp

                                                                                                                Filesize

                                                                                                                140KB

                                                                                                                Download

                                                                                                              • memory/692-26-0x000001FF91680000-0x000001FF916AA000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/692-27-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/692-31-0x000001FF91680000-0x000001FF916AA000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/760-271-0x0000019668B60000-0x0000019668B8A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/760-54-0x0000019668B60000-0x0000019668B8A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/760-46-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/760-45-0x0000019668B60000-0x0000019668B8A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/992-37-0x000002539EB30000-0x000002539EB5A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/992-41-0x000002539EB30000-0x000002539EB5A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/992-269-0x000002539EB30000-0x000002539EB5A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/992-38-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/1036-272-0x00000216FA700000-0x00000216FA72A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/1036-55-0x00000216FA700000-0x00000216FA72A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/1036-48-0x00000216FA700000-0x00000216FA72A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/1036-49-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/1048-51-0x000001C9BA570000-0x000001C9BA59A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/1048-52-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/1092-62-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/1092-61-0x00000241826E0000-0x000002418270A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/1176-65-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/1176-64-0x0000018DA1190000-0x0000018DA11BA000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/1248-67-0x0000014213A30000-0x0000014213A5A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/1248-68-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/1264-70-0x000001F00BEB0000-0x000001F00BEDA000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/1264-71-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/1384-74-0x00007FFD42350000-0x00007FFD42360000-memory.dmp

                                                                                                                Filesize

                                                                                                                64KB

                                                                                                                Download

                                                                                                              • memory/1384-73-0x0000029CF7460000-0x0000029CF748A000-memory.dmp

                                                                                                                Filesize

                                                                                                                168KB

                                                                                                                Download

                                                                                                              • memory/3040-4-0x000001B01D5D0000-0x000001B01DAF8000-memory.dmp

                                                                                                                Filesize

                                                                                                                5.2MB

                                                                                                                Download

                                                                                                              • memory/3040-3-0x00007FFD61470000-0x00007FFD61F32000-memory.dmp

                                                                                                                Filesize

                                                                                                                10.8MB

                                                                                                                Download

                                                                                                              • memory/3040-297-0x00007FFD61470000-0x00007FFD61F32000-memory.dmp

                                                                                                                Filesize

                                                                                                                10.8MB

                                                                                                                Download

                                                                                                              • memory/3040-273-0x000001B01D1F0000-0x000001B01D4BA000-memory.dmp

                                                                                                                Filesize

                                                                                                                2.8MB

                                                                                                                Download

                                                                                                              • memory/3040-16-0x00007FFD61470000-0x00007FFD61F32000-memory.dmp

                                                                                                                Filesize

                                                                                                                10.8MB

                                                                                                                Download

                                                                                                              • memory/3040-1-0x000001B001BF0000-0x000001B001C08000-memory.dmp

                                                                                                                Filesize

                                                                                                                96KB

                                                                                                                Download

                                                                                                              • memory/3040-2-0x000001B01C200000-0x000001B01C3C2000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.8MB

                                                                                                                Download

                                                                                                              • memory/3040-266-0x00007FFD61470000-0x00007FFD61F32000-memory.dmp

                                                                                                                Filesize

                                                                                                                10.8MB

                                                                                                                Download

                                                                                                              • memory/3040-10-0x00007FFD61470000-0x00007FFD61F32000-memory.dmp

                                                                                                                Filesize

                                                                                                                10.8MB

                                                                                                                Download

                                                                                                              • memory/3040-267-0x00007FFD61470000-0x00007FFD61F32000-memory.dmp

                                                                                                                Filesize

                                                                                                                10.8MB

                                                                                                                Download

                                                                                                              • memory/3040-9-0x00007FFD80B50000-0x00007FFD80C0D000-memory.dmp

                                                                                                                Filesize

                                                                                                                756KB

                                                                                                                Download

                                                                                                              • memory/3040-8-0x00007FFD822C0000-0x00007FFD824C9000-memory.dmp

                                                                                                                Filesize

                                                                                                                2.0MB

                                                                                                                Download

                                                                                                              • memory/3040-7-0x000001B01C0C0000-0x000001B01C0FE000-memory.dmp

                                                                                                                Filesize

                                                                                                                248KB

                                                                                                                Download

                                                                                                              • memory/3040-6-0x00007FFD61470000-0x00007FFD61F32000-memory.dmp

                                                                                                                Filesize

                                                                                                                10.8MB

                                                                                                                Download

                                                                                                              • memory/3040-5-0x00007FFD61473000-0x00007FFD61475000-memory.dmp

                                                                                                                Filesize

                                                                                                                8KB

                                                                                                                Download

                                                                                                              • memory/3040-0-0x00007FFD61473000-0x00007FFD61475000-memory.dmp

                                                                                                                Filesize

                                                                                                                8KB

                                                                                                                Download

                                                                                                              • memory/4716-15-0x00007FFD80B50000-0x00007FFD80C0D000-memory.dmp

                                                                                                                Filesize

                                                                                                                756KB

                                                                                                                Download

                                                                                                              • memory/4716-12-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                Filesize

                                                                                                                256KB

                                                                                                                Download

                                                                                                              • memory/4716-11-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                Filesize

                                                                                                                256KB

                                                                                                                Download

                                                                                                              • memory/4716-268-0x00007FFD822C0000-0x00007FFD824C9000-memory.dmp

                                                                                                                Filesize

                                                                                                                2.0MB

                                                                                                                Download

                                                                                                              • memory/4716-19-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                Filesize

                                                                                                                256KB

                                                                                                                Download

                                                                                                              • memory/4716-17-0x00007FFD822C1000-0x00007FFD823EA000-memory.dmp

                                                                                                                Filesize

                                                                                                                1.2MB

                                                                                                                Download

                                                                                                              • memory/4716-18-0x00007FFD822C0000-0x00007FFD824C9000-memory.dmp

                                                                                                                Filesize

                                                                                                                2.0MB

                                                                                                                Download

                                                                                                              • memory/4716-14-0x00007FFD822C0000-0x00007FFD824C9000-memory.dmp

                                                                                                                Filesize

                                                                                                                2.0MB

                                                                                                                Download

                                                                                                              • memory/4716-13-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                Filesize

                                                                                                                256KB

                                                                                                                Download

                                                                                                              • memory/4716-302-0x00007FFD822C0000-0x00007FFD824C9000-memory.dmp

                                                                                                                Filesize

                                                                                                                2.0MB

                                                                                                                Download