Analysis

  • max time kernel
    160s
  • max time network
    162s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-02-2025 19:29

General

  • Target

    Discord Nitro Generator.exe

  • Size

    118KB

  • MD5

    79a27511481a3ff98353cc18247555d0

  • SHA1

    97ad6646d0ac8899a76e02820d57efccfc101da8

  • SHA256

    51f67144ecd073fa1ebdcee8005a8c8d0f4281645866c13aef5e4e60591f9a2b

  • SHA512

    b334158dcb5b7a3d21d5805088e6a13afdc64041d0d3dc5ce04e71a00ede1238f293109f9f9c6d64a59a53ee5263a2c0880fb26bba84e4fd7ad1da5b75d24eef

  • SSDEEP

    3072:NoBng4r9sTE6T2DtXRTBQeqbJWREG8HuRAnNRZR:Chr9sTE6GS2EV1nF

Malware Config

Extracted

Path

C:\Users\Admin\Documents\read_me!.txt

Ransom Note
Hello. All your documents, images, videos, databases and other files are no longer available because they have been encrypted. There is nothing you can do about this, because if you try to remove me, the files will be lost permanently. No one will be able to do anything except us. We guarantee the decryption of files if the instructions are followed. To get your files back, you'll have to pay. We only accepted Bitcoin. Purchasing Bitcoin varies from country to country, you are best advised to do a quick google search yourself to find out how to buy Bitcoin. These sales websites are secure and secure: Coinmama - https://www.coinmama.com Abra - https://www.abra.com/buy/bitcoin Localbitcoin - https://localbitcoins.com - - - Payment amount: 0.0013 BTC. Bitcoin address: 33guPaiB1te5KSXMoAFxcCAeroGwrCKzo5 Then and only then, send an email to [email protected] to get decrypter. Do not download unknown files from the Internet ...
Wallets

33guPaiB1te5KSXMoAFxcCAeroGwrCKzo5

URLs

https://www.coinmama.com

https://www.abra.com/buy/bitcoin

Signatures

  • Chaos

    Ransomware family first seen in June 2021.

  • Chaos Ransomware 2 IoCs
  • Chaos family
  • Deletes shadow copies 3 TTPs

    Ransomware often targets backup files to inhibit system recovery.

  • Modifies boot configuration data using bcdedit 1 TTPs 2 IoCs
  • Deletes backup catalog 3 TTPs 1 IoCs

    Uses wbadmin.exe to inhibit system recovery.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up the country code configured in the registry, likely used as a geofence.

  • Drops startup file 3 IoCs
  • Executes dropped EXE 1 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops desktop.ini file(s) 34 IoCs
  • Sets desktop wallpaper using registry 2 TTPs 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Interacts with shadow copies 3 TTPs 1 IoCs

    Shadow copies are often targeted by ransomware to inhibit system recovery.

  • Modifies Internet Explorer settings 1 TTPs 25 IoCs
  • Modifies registry class 5 IoCs
  • Suspicious behavior: AddClipboardFormatListener 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 47 IoCs
  • Suspicious use of AdjustPrivilegeToken 50 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 23 IoCs
  • Suspicious use of WriteProcessMemory 23 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\Discord Nitro Generator.exe
    "C:\Users\Admin\AppData\Local\Temp\Discord Nitro Generator.exe"
    1⤵
    • Checks computer location settings
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1172
    • C:\Users\Admin\AppData\Roaming\Windows Defender.exe
      "C:\Users\Admin\AppData\Roaming\Windows Defender.exe"
      2⤵
      • Checks computer location settings
      • Drops startup file
      • Executes dropped EXE
      • Drops desktop.ini file(s)
      • Sets desktop wallpaper using registry
      • Modifies registry class
      • Suspicious behavior: AddClipboardFormatListener
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:4156
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C vssadmin delete shadows /all /quiet & wmic shadowcopy delete
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3312
        • C:\Windows\system32\vssadmin.exe
          vssadmin delete shadows /all /quiet
          4⤵
          • Interacts with shadow copies
          PID:4796
        • C:\Windows\System32\Wbem\WMIC.exe
          wmic shadowcopy delete
          4⤵
          • Suspicious use of AdjustPrivilegeToken
          PID:1292
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:216
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} bootstatuspolicy ignoreallfailures
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:4048
        • C:\Windows\system32\bcdedit.exe
          bcdedit /set {default} recoveryenabled no
          4⤵
          • Modifies boot configuration data using bcdedit
          PID:4508
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C wbadmin delete catalog -quiet
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4492
        • C:\Windows\system32\wbadmin.exe
          wbadmin delete catalog -quiet
          4⤵
          • Deletes backup catalog
          PID:428
      • C:\Windows\system32\NOTEPAD.EXE
        "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\read_me!.txt
        3⤵
        • Suspicious use of FindShellTrayWindow
        PID:3264
  • C:\Windows\system32\vssvc.exe
    C:\Windows\system32\vssvc.exe
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:1624
  • C:\Windows\system32\wbengine.exe
    "C:\Windows\system32\wbengine.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3364
  • C:\Windows\System32\vdsldr.exe
    C:\Windows\System32\vdsldr.exe -Embedding
    1⤵
    PID:4656
    • C:\Windows\System32\vds.exe
      C:\Windows\System32\vds.exe
      1⤵
      • Checks SCSI registry key(s)
      PID:3600
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:1048
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:4256
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2956
    • C:\Windows\system32\OpenWith.exe
      C:\Windows\system32\OpenWith.exe -Embedding
      1⤵
      • Modifies registry class
      • Suspicious use of SetWindowsHookEx
      PID:2688
    • C:\Program Files\Internet Explorer\iexplore.exe
      "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
      1⤵
      • Modifies Internet Explorer settings
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1540
      • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
        "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1540 CREDAT:17410 /prefetch:2
        2⤵
        • System Location Discovery: System Language Discovery
        • Modifies Internet Explorer settings
        • Suspicious use of SetWindowsHookEx
        PID:2212

    Downloads

    • C:\Users\Admin\AppData\Roaming\Windows Defender.exe

      Filesize

      118KB

      MD5

      79a27511481a3ff98353cc18247555d0

      SHA1

      97ad6646d0ac8899a76e02820d57efccfc101da8

      SHA256

      51f67144ecd073fa1ebdcee8005a8c8d0f4281645866c13aef5e4e60591f9a2b

      SHA512

      b334158dcb5b7a3d21d5805088e6a13afdc64041d0d3dc5ce04e71a00ede1238f293109f9f9c6d64a59a53ee5263a2c0880fb26bba84e4fd7ad1da5b75d24eef

    • C:\Users\Admin\Documents\read_me!.txt

      Filesize

      986B

      MD5

      8427dc526743e4f1e69690834bc4249d

      SHA1

      e85dce59e684593a7f0d7fb525c5439153439175

      SHA256

      a7f630d1f2643f5ecafd504c231af9e898504d0a09e0ea609940b59b68191f5d

      SHA512

      548201b5f9f89c4419a4b1a54737a7fe0b859c72dfb06d23459b53d8267bfb916863fb77b0e52d13677519477fc2fd5afb06c7c12b15592d3cc50b1c836ad804
