discordrat | hxxps://github[.]com/ramer-py/Polo/blob/main/PoloV0[.]01[.]exe

Analysis

max time kernel
11s
max time network
43s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241211-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241211-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
09-01-2025 04:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/ramer-py/Polo/blob/main/PoloV0.01.exe

Score

10^/10

discordrat discovery persistence rat rootkit stealer

Malware Config

Extracted

Family

discordrat

Attributes

discord_token
MTMyMzE2MTk4MjQzMzQ5NzEyOQ.GbrMsp.fsyZysMsW5rV7VknQveucUOO5_gkahTH6RVINA
server_id
1326287372194939032

Signatures

Discord RAT
A RAT written in C# using Discord as a C2.
stealer rootkit rat persistence discordrat
Discordrat family
discordrat
Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
73	discord.com
47	raw.githubusercontent.com
48	raw.githubusercontent.com
62	discord.com
67	discord.com
70	raw.githubusercontent.com
63	discord.com
69	raw.githubusercontent.com
71	discord.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133808696832452778"	chrome.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
6092	SCHTASKS.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe
Token: SeShutdownPrivilege	4656	chrome.exe
Token: SeCreatePagefilePrivilege	4656	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe
4656	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4656 wrote to memory of 4696	4656	chrome.exe	81
PID 4656 wrote to memory of 4696	4656	chrome.exe	81
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2904	4656	chrome.exe	82
PID 4656 wrote to memory of 2332	4656	chrome.exe	83
PID 4656 wrote to memory of 2332	4656	chrome.exe	83
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84
PID 4656 wrote to memory of 224	4656	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/ramer-py/Polo/blob/main/PoloV0.01.exe
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffb8dfacc40,0x7ffb8dfacc4c,0x7ffb8dfacc58
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1956,i,10946960268660056697,970926415101294383,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=1952 /prefetch:2
  2⤵
  PID:2904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,10946960268660056697,970926415101294383,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,10946960268660056697,970926415101294383,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=2452 /prefetch:8
  2⤵
  PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,10946960268660056697,970926415101294383,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,10946960268660056697,970926415101294383,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4620,i,10946960268660056697,970926415101294383,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=4632 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5040,i,10946960268660056697,970926415101294383,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5192,i,10946960268660056697,970926415101294383,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5092,i,10946960268660056697,970926415101294383,262144 --variations-seed-version=20241210-050121.637000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:3396

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:868

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3828

C:\Users\Admin\Downloads\PoloV0.01.exe
"C:\Users\Admin\Downloads\PoloV0.01.exe"
1⤵
PID:2528
- C:\Windows\SYSTEM32\SCHTASKS.exe
  "SCHTASKS.exe" /create /tn "$77PoloV0.01.exe" /tr "'C:\Users\Admin\Downloads\PoloV0.01.exe'" /sc onlogon /rl HIGHEST
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:6092

C:\Windows\System32\dllhost.exe
C:\Windows\System32\dllhost.exe /Processid:{0aae5415-0461-4a01-8ecf-23f3dfb70460}
1⤵
PID:3580

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5216578bec55c2b4fb6bea4ae4629921

SHA1
4b90737e2f27f9b67018f87846dc22e81805d01e

SHA256
df049c3ea2d6fb992050f2002b1fc51dd56dc121495ada347cbbd07ef61b417e

SHA512
c2d2023e1239d30e85d43ad90df7ef1b78f1895eb6197ea70cb477f3a16f1ead199ef3f4de50ea9afa5c290a1a0ae95824d07fef0cda7846b2ebf7b848ae5fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e4374ff9470ed6b2c90e519125c86148

SHA1
6bbc761d0610849f8901248dd331daacdca50f04

SHA256
854ebb8e76ebee9c3fe0a234964f04be3c852a7fec4753e7d2d13ea9222ad376

SHA512
3e3d79449daff3a52bfa79402042541f2ff2c5bdcfe6fd952ba7efa880cd68f1ac37bfec823956b70ac3d74e90bfff8747e6efea67d174892d22004a2d5cdecc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1b36df30240b68708f64b598f9b7418c

SHA1
465d1a9015fbdd958800748cc50f78cfbc0b9cbc

SHA256
84927ea612b4d1917d8312f11a6de20f2f2e643368f9245ad8666003eaaa2ff5

SHA512
696390fa54912024121701edd8729befd06e64ec5109721ddf15ce586110e4a5ca8ddc3a016afaf48afe690a742c7020846efe3e955a24158cfbf60fa201740c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9311cece244df8c17c9f45faed89fcb6

SHA1
913dff0ffca0466d67576846c9b1b67fa1c60e72

SHA256
34b7ece5601ef30b646a6e42ad8457cea523a0f19b59839091733300f8e8ea84

SHA512
893539d7c90f12da04b2f66b937d2176a56b0d70e8cc52287571434ca21dbfa14cdb6e7eae07e4a059e601b849fd112ee33d8a0aea5a2c714813c6cde1e936dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
243afea914502250b88eeb29c1b6510c

SHA1
7cceab5db66a692b152b83ecb1c9297e8f66b10d

SHA256
874e66e3d389b0c02723cf0ac8c87e998b6e03f42c6e5be5057e27425f8cb056

SHA512
566ad5304d49b5e95603715a79420d0cdbea60cf3ac2f33f0bde206da2169b92071e2e32487bd62c284fb8c60f5b38fd794675fd4651b53b476dcc8a01a26d8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e36606d5cb2528914415026e01b022e3

SHA1
833e6b57dba642b21eb5b4d38e1634e76abbdf90

SHA256
28601d9bae0b93706b1ff2794c3a21074b8eb2539d2fcfcaae8c17293c552cbb

SHA512
bbc538fdab8b000a92f783f5085144e860b48eaa29c638001daca76c7ec6b10a1beec70c018490956ec5a6fb6165c59e9a3bbe2adced8f075cc1bb164c234ca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
d3ce1acf671ced9ad7e37179682bd4c6

SHA1
ced92e9f03dbc83fed95d47cf3acba0a94324822

SHA256
9d3b3064b242bcb575b4dfaeb76fd64213133597510793995c4c3ed7d5232316

SHA512
7bb2dbc5e541020d1d1ddfd76a000a9fc63c8b581c103ad134d8ef76cbb02198329c0323deb1ed5204d8f52128f0aabef1778debb8416f50070d3229e5069f6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
0a54e03f35daaffbc7151fddf4133385

SHA1
65702c68fafd0a9bf284bab8b96487016b1b8839

SHA256
b05e0ffbbff94d83ffcff74db7ad5838398c55c21596bb820f42434223393eec

SHA512
60afea4829eebf07296fc02d68b85eadd1b139bae6576848d77ba479a260cbca98f63a46ffae9c6f30d694383220b06904e797520b12a0414e95bffe2991b539

Download Submit
C:\Users\Admin\Downloads\PoloV0.01.exe

Filesize
78KB

MD5
32100f3c1413382f1fdd7842687ec131

SHA1
62e6fab8beb9bad775ece33bafe028c6f4fc8538

SHA256
ca4b75cc8e2b5482a080542b5d5f7e85dafcb9615d8541e826a22547609ad799

SHA512
b76e575b6a2ba56ee5a391b9de61bf0971968dd1678b6957109d4068000711eefbc56835259e686c74787b0b60b43429d50010605240713f11c9b2367bd8e4a3

Download Submit
memory/404-209-0x0000021B98330000-0x0000021B9835A000-memory.dmp

Filesize
168KB

Download
memory/404-210-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/516-220-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/516-219-0x00000267D5330000-0x00000267D535A000-memory.dmp

Filesize
168KB

Download
memory/604-201-0x0000021ACF210000-0x0000021ACF23A000-memory.dmp

Filesize
168KB

Download
memory/604-199-0x0000021ACF1E0000-0x0000021ACF203000-memory.dmp

Filesize
140KB

Download
memory/604-202-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/676-204-0x000001BDB39A0000-0x000001BDB39CA000-memory.dmp

Filesize
168KB

Download
memory/676-205-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/732-222-0x0000021923CF0000-0x0000021923D1A000-memory.dmp

Filesize
168KB

Download
memory/732-223-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/968-228-0x000001AEA5930000-0x000001AEA595A000-memory.dmp

Filesize
168KB

Download
memory/968-229-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/1044-225-0x000002A5C63C0000-0x000002A5C63EA000-memory.dmp

Filesize
168KB

Download
memory/1044-226-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/1064-231-0x000002D0CF970000-0x000002D0CF99A000-memory.dmp

Filesize
168KB

Download
memory/1064-232-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/1272-235-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/1272-234-0x000001F3D8D30000-0x000001F3D8D5A000-memory.dmp

Filesize
168KB

Download
memory/1320-242-0x00000248A74B0000-0x00000248A74DA000-memory.dmp

Filesize
168KB

Download
memory/1320-243-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/1340-246-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/1340-245-0x000001B586FB0000-0x000001B586FDA000-memory.dmp

Filesize
168KB

Download
memory/1348-248-0x00000259203B0000-0x00000259203DA000-memory.dmp

Filesize
168KB

Download
memory/1348-249-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/1364-251-0x000002A1A4A90000-0x000002A1A4ABA000-memory.dmp

Filesize
168KB

Download
memory/1364-252-0x00007FFB5D4B0000-0x00007FFB5D4C0000-memory.dmp

Filesize
64KB

Download
memory/1568-254-0x000002842D200000-0x000002842D22A000-memory.dmp

Filesize
168KB

Download
memory/2528-174-0x00007FFB799F0000-0x00007FFB7A4B2000-memory.dmp

Filesize
10.8MB

Download
memory/2528-175-0x00000111EB5E0000-0x00000111EBB08000-memory.dmp

Filesize
5.2MB

Download
memory/2528-171-0x00007FFB799F3000-0x00007FFB799F5000-memory.dmp

Filesize
8KB

Download
memory/2528-172-0x00000111D07A0000-0x00000111D07B8000-memory.dmp

Filesize
96KB

Download
memory/2528-192-0x00007FFB9C9B0000-0x00007FFB9CA6D000-memory.dmp

Filesize
756KB

Download
memory/2528-191-0x00007FFB9D430000-0x00007FFB9D628000-memory.dmp

Filesize
2.0MB

Download
memory/2528-190-0x00000111D0C40000-0x00000111D0C7E000-memory.dmp

Filesize
248KB

Download
memory/2528-474-0x00007FFB799F0000-0x00007FFB7A4B2000-memory.dmp

Filesize
10.8MB

Download
memory/2528-473-0x00007FFB799F3000-0x00007FFB799F5000-memory.dmp

Filesize
8KB

Download
memory/2528-173-0x00000111EADE0000-0x00000111EAFA2000-memory.dmp

Filesize
1.8MB

Download
memory/3580-197-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/3580-195-0x00007FFB9D430000-0x00007FFB9D628000-memory.dmp

Filesize
2.0MB

Download
memory/3580-193-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/3580-194-0x0000000140000000-0x0000000140040000-memory.dmp

Filesize
256KB

Download
memory/3580-196-0x00007FFB9C9B0000-0x00007FFB9CA6D000-memory.dmp

Filesize
756KB

Download