Overview

overview

10

Static

static

10

Client-built.exe

windows7-x64

10

Client-built.exe

windows10-2004-x64

Analysis

  • max time kernel
    114s
  • max time network
    125s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    24-12-2024 19:16

Sharing

Copy URL
Twitter E-mail

Errors

Reason
Machine shutdown
Report Analysis Logs

General

  • Target

    Client-built.exe

  • Size

    78KB

  • MD5

    0752e168205a248479dd8b5e7e0098a0

  • SHA1

    63279851de2b0da579acb43fb097cad6af7247f8

  • SHA256

    183ed61135fcfc8c4c4063417cfb5a78b5a4d4249b3267795dfbc08f37e90da4

  • SHA512

    d1ec91ce7892b64d1cbc5feba5319df0720dff2902344078ed288649c501782e767e775b39b66d3db6c8cd59433f4307fef1b53e0c1748e0bc39a5f136386a40

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+ZPIC:5Zv5PDwbjNrmAE+pIC

Score
10/10
discordratpersistenceratrootkitstealer

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMyMDU5OTc3NTE3MDc4OTM5Ng.GWJ_0m.UNVuvmOJK5NOt5ChKmqbbDAwuVKFeUIbudMI94

  • server_id

    1321190565332652083

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

    stealerrootkitratpersistencediscordrat
  • Discordrat family
    discordrat
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • Downloads MZ/PE file
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs
  • Drops file in System32 directory 8 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 18 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 1 IoCs
  • Modifies data under HKEY_USERS 14 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\winlogon.exe
    winlogon.exe
    1⤵
      PID:632
      • C:\Windows\system32\dwm.exe
        "dwm.exe"
        2⤵
          PID:412
        • C:\Windows\System32\dllhost.exe
          C:\Windows\System32\dllhost.exe /Processid:{e53fec6f-712d-46e8-8508-1de12bf7d003}
          2⤵
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:2856
      • C:\Windows\system32\lsass.exe
        C:\Windows\system32\lsass.exe
        1⤵
          PID:688
        • C:\Windows\system32\svchost.exe
          C:\Windows\system32\svchost.exe -k DcomLaunch -p -s LSM
          1⤵
            PID:972
          • C:\Windows\system32\svchost.exe
            C:\Windows\system32\svchost.exe -k netsvcs -p -s gpsvc
            1⤵
              PID:408
            • C:\Windows\System32\svchost.exe
              C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s lmhosts
              1⤵
                PID:384
              • C:\Windows\System32\svchost.exe
                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s NcbService
                1⤵
                  PID:1112
                • C:\Windows\system32\svchost.exe
                  C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s TimeBrokerSvc
                  1⤵
                    PID:1128
                  • C:\Windows\system32\svchost.exe
                    C:\Windows\system32\svchost.exe -k netsvcs -p -s Schedule
                    1⤵
                      PID:1144
                      • C:\Windows\system32\taskhostw.exe
                        taskhostw.exe {222A245B-E637-4AE9-A93F-A59CA119A75E}
                        2⤵
                          PID:432
                      • C:\Windows\System32\svchost.exe
                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s EventLog
                        1⤵
                          PID:1160
                        • C:\Windows\system32\svchost.exe
                          C:\Windows\system32\svchost.exe -k netsvcs -p -s ProfSvc
                          1⤵
                            PID:1236
                          • C:\Windows\system32\svchost.exe
                            C:\Windows\system32\svchost.exe -k LocalService -p -s DispBrokerDesktopSvc
                            1⤵
                              PID:1320
                            • C:\Windows\system32\svchost.exe
                              C:\Windows\system32\svchost.exe -k LocalService -p -s nsi
                              1⤵
                                PID:1372
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k netsvcs -p -s UserManager
                                1⤵
                                  PID:1384
                                  • C:\Windows\system32\sihost.exe
                                    sihost.exe
                                    2⤵
                                      PID:2980
                                  • C:\Windows\system32\svchost.exe
                                    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s Dhcp
                                    1⤵
                                      PID:1452
                                    • C:\Windows\System32\svchost.exe
                                      C:\Windows\System32\svchost.exe -k netsvcs -p -s Themes
                                      1⤵
                                        PID:1568
                                      • C:\Windows\system32\svchost.exe
                                        C:\Windows\system32\svchost.exe -k LocalService -p -s EventSystem
                                        1⤵
                                          PID:1580
                                        • C:\Windows\System32\svchost.exe
                                          C:\Windows\System32\svchost.exe -k NetworkService -p -s NlaSvc
                                          1⤵
                                            PID:1660
                                          • C:\Windows\system32\svchost.exe
                                            C:\Windows\system32\svchost.exe -k netsvcs -p -s SENS
                                            1⤵
                                              PID:1712
                                            • C:\Windows\System32\svchost.exe
                                              C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s AudioEndpointBuilder
                                              1⤵
                                                PID:1752
                                              • C:\Windows\System32\svchost.exe
                                                C:\Windows\System32\svchost.exe -k LocalService -p -s netprofm
                                                1⤵
                                                  PID:1808
                                                • C:\Windows\System32\svchost.exe
                                                  C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                  1⤵
                                                    PID:1828
                                                  • C:\Windows\system32\svchost.exe
                                                    C:\Windows\system32\svchost.exe -k appmodel -p -s StateRepository
                                                    1⤵
                                                      PID:1944
                                                    • C:\Windows\system32\svchost.exe
                                                      C:\Windows\system32\svchost.exe -k NetworkService -p -s Dnscache
                                                      1⤵
                                                        PID:1952
                                                      • C:\Windows\System32\svchost.exe
                                                        C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p
                                                        1⤵
                                                          PID:1960
                                                        • C:\Windows\System32\svchost.exe
                                                          C:\Windows\System32\svchost.exe -k netsvcs -p -s ShellHWDetection
                                                          1⤵
                                                            PID:1016
                                                          • C:\Windows\System32\spoolsv.exe
                                                            C:\Windows\System32\spoolsv.exe
                                                            1⤵
                                                              PID:2060
                                                            • C:\Windows\System32\svchost.exe
                                                              C:\Windows\System32\svchost.exe -k NetworkService -p -s LanmanWorkstation
                                                              1⤵
                                                                PID:2124
                                                              • C:\Windows\system32\svchost.exe
                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s Winmgmt
                                                                1⤵
                                                                • Suspicious use of AdjustPrivilegeToken
                                                                PID:2220
                                                              • C:\Windows\System32\svchost.exe
                                                                C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -s RmSvc
                                                                1⤵
                                                                  PID:2272
                                                                • C:\Windows\system32\svchost.exe
                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s IKEEXT
                                                                  1⤵
                                                                    PID:2412
                                                                  • C:\Windows\system32\svchost.exe
                                                                    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted -p -s PolicyAgent
                                                                    1⤵
                                                                      PID:2420
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k NetworkService -p -s CryptSvc
                                                                      1⤵
                                                                      • Drops file in System32 directory
                                                                      PID:2488
                                                                    • C:\Windows\system32\svchost.exe
                                                                      C:\Windows\system32\svchost.exe -k netsvcs -p -s LanmanServer
                                                                      1⤵
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:2556
                                                                    • C:\Windows\sysmon.exe
                                                                      C:\Windows\sysmon.exe
                                                                      1⤵
                                                                        PID:2588
                                                                      • C:\Windows\System32\svchost.exe
                                                                        C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s TrkWks
                                                                        1⤵
                                                                          PID:2632
                                                                        • C:\Windows\system32\svchost.exe
                                                                          C:\Windows\system32\svchost.exe -k netsvcs -p -s WpnService
                                                                          1⤵
                                                                            PID:2648
                                                                          • C:\Windows\system32\wbem\unsecapp.exe
                                                                            C:\Windows\system32\wbem\unsecapp.exe -Embedding
                                                                            1⤵
                                                                              PID:2992
                                                                            • C:\Windows\system32\svchost.exe
                                                                              C:\Windows\system32\svchost.exe -k UnistackSvcGroup -s CDPUserSvc
                                                                              1⤵
                                                                                PID:3052
                                                                              • C:\Windows\system32\svchost.exe
                                                                                C:\Windows\system32\svchost.exe -k netsvcs -p -s TokenBroker
                                                                                1⤵
                                                                                  PID:3192
                                                                                • C:\Windows\system32\svchost.exe
                                                                                  C:\Windows\system32\svchost.exe -k LocalService -p -s CDPSvc
                                                                                  1⤵
                                                                                    PID:3352
                                                                                  • C:\Windows\Explorer.EXE
                                                                                    C:\Windows\Explorer.EXE
                                                                                    1⤵
                                                                                      PID:3456
                                                                                      • C:\Users\Admin\AppData\Local\Temp\Client-built.exe
                                                                                        "C:\Users\Admin\AppData\Local\Temp\Client-built.exe"
                                                                                        2⤵
                                                                                        • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                                                        • Suspicious use of SetThreadContext
                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        • Suspicious use of WriteProcessMemory
                                                                                        PID:3964
                                                                                    • C:\Windows\system32\svchost.exe
                                                                                      C:\Windows\system32\svchost.exe -k ClipboardSvcGroup -p -s cbdhsvc
                                                                                      1⤵
                                                                                        PID:3556
                                                                                      • C:\Windows\system32\DllHost.exe
                                                                                        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                        1⤵
                                                                                          PID:3748
                                                                                        • C:\Windows\System32\RuntimeBroker.exe
                                                                                          C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                          1⤵
                                                                                            PID:3940
                                                                                          • C:\Windows\System32\RuntimeBroker.exe
                                                                                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                            1⤵
                                                                                              PID:2244
                                                                                            • C:\Windows\system32\svchost.exe
                                                                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s wlidsvc
                                                                                              1⤵
                                                                                                PID:4456
                                                                                              • C:\Windows\System32\svchost.exe
                                                                                                C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
                                                                                                1⤵
                                                                                                  PID:3032
                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                  C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s SSDPSRV
                                                                                                  1⤵
                                                                                                    PID:1092
                                                                                                  • C:\Windows\system32\svchost.exe
                                                                                                    C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s WinHttpAutoProxySvc
                                                                                                    1⤵
                                                                                                    • Modifies data under HKEY_USERS
                                                                                                    PID:4932
                                                                                                  • C:\Windows\system32\SppExtComObj.exe
                                                                                                    C:\Windows\system32\SppExtComObj.exe -Embedding
                                                                                                    1⤵
                                                                                                      PID:3792
                                                                                                    • C:\Windows\System32\svchost.exe
                                                                                                      C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
                                                                                                      1⤵
                                                                                                        PID:5096
                                                                                                      • C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
                                                                                                        "C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe" /service
                                                                                                        1⤵
                                                                                                        • Drops file in System32 directory
                                                                                                        • Modifies data under HKEY_USERS
                                                                                                        PID:3204
                                                                                                      • C:\Windows\system32\DllHost.exe
                                                                                                        C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
                                                                                                        1⤵
                                                                                                          PID:4348
                                                                                                        • C:\Windows\system32\svchost.exe
                                                                                                          C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
                                                                                                          1⤵
                                                                                                            PID:2000
                                                                                                          • C:\Windows\System32\RuntimeBroker.exe
                                                                                                            C:\Windows\System32\RuntimeBroker.exe -Embedding
                                                                                                            1⤵
                                                                                                              PID:556
                                                                                                            • C:\Windows\system32\svchost.exe
                                                                                                              C:\Windows\system32\svchost.exe -k netsvcs -p -s wuauserv
                                                                                                              1⤵
                                                                                                                PID:5100
                                                                                                              • C:\Windows\system32\wbem\wmiprvse.exe
                                                                                                                C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                1⤵
                                                                                                                • Checks BIOS information in registry
                                                                                                                • Checks SCSI registry key(s)
                                                                                                                • Enumerates system info in registry
                                                                                                                PID:4884
                                                                                                              • C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                C:\Windows\servicing\TrustedInstaller.exe
                                                                                                                1⤵
                                                                                                                  PID:4312
                                                                                                                • C:\Windows\system32\svchost.exe
                                                                                                                  C:\Windows\system32\svchost.exe -k netsvcs -p -s UsoSvc
                                                                                                                  1⤵
                                                                                                                    PID:1552
                                                                                                                  • C:\Windows\System32\mousocoreworker.exe
                                                                                                                    C:\Windows\System32\mousocoreworker.exe -Embedding
                                                                                                                    1⤵
                                                                                                                      PID:1284
                                                                                                                    • C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe
                                                                                                                      C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1220_none_7e21bc567c7ed16b\TiWorker.exe -Embedding
                                                                                                                      1⤵
                                                                                                                        PID:652

                                                                                                                      Network

                                                                                                                      MITRE ATT&CK Enterprise v15

                                                                                                                      Replay Monitor

                                                                                                                      Loading Replay Monitor...

                                                                                                                      Downloads

                                                                                                                      • memory/384-46-0x000001E2C3E90000-0x000001E2C3EBA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/384-47-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/384-287-0x000001E2C3E90000-0x000001E2C3EBA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/384-49-0x000001E2C3E90000-0x000001E2C3EBA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/408-39-0x0000021116740000-0x000002111676A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/408-44-0x0000021116740000-0x000002111676A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/408-286-0x0000021116740000-0x000002111676A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/408-40-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/412-28-0x000001B2484A0000-0x000001B2484CA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/412-29-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/412-35-0x000001B2484A0000-0x000001B2484CA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/632-18-0x0000014A958B0000-0x0000014A958D3000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        140KB

                                                                                                                        Download

                                                                                                                      • memory/632-19-0x0000014A958E0000-0x0000014A9590A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/632-20-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/632-32-0x0000014A958E0000-0x0000014A9590A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/632-33-0x00007FFE733CD000-0x00007FFE733CE000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/688-23-0x0000024B2F2B0000-0x0000024B2F2DA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/688-34-0x0000024B2F2B0000-0x0000024B2F2DA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/688-24-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/972-285-0x00000221035A0000-0x00000221035CA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/972-37-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/972-42-0x00000221035A0000-0x00000221035CA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/972-43-0x00007FFE733CC000-0x00007FFE733CD000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        4KB

                                                                                                                        Download

                                                                                                                      • memory/972-36-0x00000221035A0000-0x00000221035CA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/1112-66-0x000001B12A2E0000-0x000001B12A30A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/1112-55-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/1112-288-0x000001B12A2E0000-0x000001B12A30A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/1112-54-0x000001B12A2E0000-0x000001B12A30A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/1128-58-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/1128-57-0x000001C196720000-0x000001C19674A000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/1144-60-0x0000027FFD180000-0x0000027FFD1AA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/1144-61-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/1160-63-0x0000022436D80000-0x0000022436DAA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/1160-64-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/1236-69-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/1236-68-0x0000021DA8AB0000-0x0000021DA8ADA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/1320-79-0x00000277B2690000-0x00000277B26BA000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        168KB

                                                                                                                        Download

                                                                                                                      • memory/1320-80-0x00007FFE333B0000-0x00007FFE333C0000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        64KB

                                                                                                                        Download

                                                                                                                      • memory/2856-13-0x00007FFE73330000-0x00007FFE73525000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        2.0MB

                                                                                                                        Download

                                                                                                                      • memory/2856-10-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        256KB

                                                                                                                        Download

                                                                                                                      • memory/2856-12-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        256KB

                                                                                                                        Download

                                                                                                                      • memory/2856-14-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        256KB

                                                                                                                        Download

                                                                                                                      • memory/2856-15-0x00007FFE73140000-0x00007FFE731FE000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        760KB

                                                                                                                        Download

                                                                                                                      • memory/2856-16-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        256KB

                                                                                                                        Download

                                                                                                                      • memory/2856-11-0x0000000140000000-0x0000000140040000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        256KB

                                                                                                                        Download

                                                                                                                      • memory/3964-7-0x0000020380260000-0x000002038029E000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        248KB

                                                                                                                        Download

                                                                                                                      • memory/3964-8-0x00007FFE73330000-0x00007FFE73525000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        2.0MB

                                                                                                                        Download

                                                                                                                      • memory/3964-9-0x00007FFE73140000-0x00007FFE731FE000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        760KB

                                                                                                                        Download

                                                                                                                      • memory/3964-6-0x00007FFE54FA0000-0x00007FFE55A61000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/3964-5-0x00007FFE54FA3000-0x00007FFE54FA5000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        8KB

                                                                                                                        Download

                                                                                                                      • memory/3964-0-0x00007FFE54FA3000-0x00007FFE54FA5000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        8KB

                                                                                                                        Download

                                                                                                                      • memory/3964-4-0x000002039AC00000-0x000002039B128000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        5.2MB

                                                                                                                        Download

                                                                                                                      • memory/3964-3-0x00007FFE54FA0000-0x00007FFE55A61000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        10.8MB

                                                                                                                        Download

                                                                                                                      • memory/3964-2-0x00000204001D0000-0x0000020400392000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        1.8MB

                                                                                                                        Download

                                                                                                                      • memory/3964-1-0x00000203FFCF0000-0x00000203FFD08000-memory.dmp

                                                                                                                        Filesize

                                                                                                                        96KB

                                                                                                                        Download