Analysis
-
max time kernel
31s -
max time network
51s -
platform
windows7_x64 -
resource
win7-20220901-en -
resource tags
-
submitted
17-10-2022 05:31
General
-
Target
1a93d204cd4bf9b77434af18be074c47ad7fcebdd109ecc87f77d6b78a9ff2b3.exe
-
Size
4.9MB
-
MD5
37aa26e9208b0930fb1068d718d2e32e
-
SHA1
89a3c8a1f0288b0cb6797d0e17ddaa7961d65acc
-
SHA256
1a93d204cd4bf9b77434af18be074c47ad7fcebdd109ecc87f77d6b78a9ff2b3
-
SHA512
5c2645f16f8a0ba54c31128fc5f0f8b7b5e81ce208f42798904d39fd6de08e6f1378f9665e70412f5ba6b575dd90ca90191a8cbcdbf24511337a0ecf422d7fc8
-
SSDEEP
49152:bl5MTGChZpxtlBBgxchXb/zqP6DUtRgs5q289dAnSz44hnW1XgnYu6fYmPkMSx8E:
Score
10/10
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process 36 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
UAC bypass 3 TTPs 3 IoCs
-
DCRat payload 1 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Checks whether UAC is enabled 1 TTPs 2 IoCs
-
Drops file in Program Files directory 16 IoCs
-
Drops file in Windows directory 17 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Creates scheduled task(s) 1 TTPs 36 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of WriteProcessMemory 36 IoCs
-
System policy modification 1 TTPs 3 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\1a93d204cd4bf9b77434af18be074c47ad7fcebdd109ecc87f77d6b78a9ff2b3.exe"C:\Users\Admin\AppData\Local\Temp\1a93d204cd4bf9b77434af18be074c47ad7fcebdd109ecc87f77d6b78a9ff2b3.exe"1⤵
- UAC bypass
- Checks whether UAC is enabled
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
- System policy modification
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/MSOCache/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'2⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 14 /tr "'C:\Windows\Web\Wallpaper\Architecture\sppsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Windows\Web\Wallpaper\Architecture\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 13 /tr "'C:\Windows\Web\Wallpaper\Architecture\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 10 /tr "'C:\Recovery\31001cc2-2a3d-11ed-9244-9c23e66b04e4\smss.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Recovery\31001cc2-2a3d-11ed-9244-9c23e66b04e4\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 11 /tr "'C:\Recovery\31001cc2-2a3d-11ed-9244-9c23e66b04e4\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 13 /tr "'C:\Users\Default\Start Menu\smss.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smss" /sc ONLOGON /tr "'C:\Users\Default\Start Menu\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "smsss" /sc MINUTE /mo 5 /tr "'C:\Users\Default\Start Menu\smss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Program Files\DVD Maker\services.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files\DVD Maker\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "servicess" /sc MINUTE /mo 7 /tr "'C:\Program Files\DVD Maker\services.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 9 /tr "'C:\Recovery\31001cc2-2a3d-11ed-9244-9c23e66b04e4\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Recovery\31001cc2-2a3d-11ed-9244-9c23e66b04e4\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 14 /tr "'C:\Recovery\31001cc2-2a3d-11ed-9244-9c23e66b04e4\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 9 /tr "'C:\Recovery\31001cc2-2a3d-11ed-9244-9c23e66b04e4\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Recovery\31001cc2-2a3d-11ed-9244-9c23e66b04e4\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 11 /tr "'C:\Recovery\31001cc2-2a3d-11ed-9244-9c23e66b04e4\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\Windows\Media\Cityscape\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Windows\Media\Cityscape\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 7 /tr "'C:\Windows\Media\Cityscape\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 10 /tr "'C:\Program Files\Google\Chrome\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files\Google\Chrome\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 12 /tr "'C:\Program Files\Google\Chrome\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Windows Media Player\Skins\sppsvc.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Media Player\Skins\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 11 /tr "'C:\Program Files (x86)\Windows Media Player\Skins\sppsvc.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 8 /tr "'C:\Windows\PLA\Reports\fr-FR\WMIADAP.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WMIADAP" /sc ONLOGON /tr "'C:\Windows\PLA\Reports\fr-FR\WMIADAP.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "WMIADAPW" /sc MINUTE /mo 10 /tr "'C:\Windows\PLA\Reports\fr-FR\WMIADAP.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 12 /tr "'C:\Windows\es-ES\dwm.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwm" /sc ONLOGON /tr "'C:\Windows\es-ES\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "dwmd" /sc MINUTE /mo 13 /tr "'C:\Windows\es-ES\dwm.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Microsoft Office\Templates\lsass.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft Office\Templates\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "lsassl" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Microsoft Office\Templates\lsass.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD51cec5815fc17f874c042e17094c42eba
SHA194e76434beecd751f9d4a2bda16b4e64da228a2e
SHA256492a448b083ccdf8784f41876baf5f6cdfcea8d726b1696612d61b78798f5ed7
SHA51291d9e60c8e3527f9beb6b48319ea521b1a96492dbcdc7dc268bcc110e85b4a199544b0b8ba17641b12d1c04208aa30240291e3e291324fb0d8a61600f27fd0c5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD51cec5815fc17f874c042e17094c42eba
SHA194e76434beecd751f9d4a2bda16b4e64da228a2e
SHA256492a448b083ccdf8784f41876baf5f6cdfcea8d726b1696612d61b78798f5ed7
SHA51291d9e60c8e3527f9beb6b48319ea521b1a96492dbcdc7dc268bcc110e85b4a199544b0b8ba17641b12d1c04208aa30240291e3e291324fb0d8a61600f27fd0c5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD51cec5815fc17f874c042e17094c42eba
SHA194e76434beecd751f9d4a2bda16b4e64da228a2e
SHA256492a448b083ccdf8784f41876baf5f6cdfcea8d726b1696612d61b78798f5ed7
SHA51291d9e60c8e3527f9beb6b48319ea521b1a96492dbcdc7dc268bcc110e85b4a199544b0b8ba17641b12d1c04208aa30240291e3e291324fb0d8a61600f27fd0c5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD51cec5815fc17f874c042e17094c42eba
SHA194e76434beecd751f9d4a2bda16b4e64da228a2e
SHA256492a448b083ccdf8784f41876baf5f6cdfcea8d726b1696612d61b78798f5ed7
SHA51291d9e60c8e3527f9beb6b48319ea521b1a96492dbcdc7dc268bcc110e85b4a199544b0b8ba17641b12d1c04208aa30240291e3e291324fb0d8a61600f27fd0c5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD51cec5815fc17f874c042e17094c42eba
SHA194e76434beecd751f9d4a2bda16b4e64da228a2e
SHA256492a448b083ccdf8784f41876baf5f6cdfcea8d726b1696612d61b78798f5ed7
SHA51291d9e60c8e3527f9beb6b48319ea521b1a96492dbcdc7dc268bcc110e85b4a199544b0b8ba17641b12d1c04208aa30240291e3e291324fb0d8a61600f27fd0c5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD51cec5815fc17f874c042e17094c42eba
SHA194e76434beecd751f9d4a2bda16b4e64da228a2e
SHA256492a448b083ccdf8784f41876baf5f6cdfcea8d726b1696612d61b78798f5ed7
SHA51291d9e60c8e3527f9beb6b48319ea521b1a96492dbcdc7dc268bcc110e85b4a199544b0b8ba17641b12d1c04208aa30240291e3e291324fb0d8a61600f27fd0c5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD51cec5815fc17f874c042e17094c42eba
SHA194e76434beecd751f9d4a2bda16b4e64da228a2e
SHA256492a448b083ccdf8784f41876baf5f6cdfcea8d726b1696612d61b78798f5ed7
SHA51291d9e60c8e3527f9beb6b48319ea521b1a96492dbcdc7dc268bcc110e85b4a199544b0b8ba17641b12d1c04208aa30240291e3e291324fb0d8a61600f27fd0c5
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD51cec5815fc17f874c042e17094c42eba
SHA194e76434beecd751f9d4a2bda16b4e64da228a2e
SHA256492a448b083ccdf8784f41876baf5f6cdfcea8d726b1696612d61b78798f5ed7
SHA51291d9e60c8e3527f9beb6b48319ea521b1a96492dbcdc7dc268bcc110e85b4a199544b0b8ba17641b12d1c04208aa30240291e3e291324fb0d8a61600f27fd0c5
-
memory/592-109-0x000007FEEB310000-0x000007FEEBD33000-memory.dmpFilesize
10.1MB
-
memory/592-125-0x000007FEEA100000-0x000007FEEAC5D000-memory.dmpFilesize
11.4MB
-
memory/592-77-0x0000000000000000-mapping.dmp
-
memory/592-119-0x0000000002824000-0x0000000002827000-memory.dmpFilesize
12KB
-
memory/840-123-0x00000000027D4000-0x00000000027D7000-memory.dmpFilesize
12KB
-
memory/840-105-0x000007FEEB310000-0x000007FEEBD33000-memory.dmpFilesize
10.1MB
-
memory/840-128-0x000007FEEA100000-0x000007FEEAC5D000-memory.dmpFilesize
11.4MB
-
memory/840-80-0x0000000000000000-mapping.dmp
-
memory/1080-107-0x000007FEEB310000-0x000007FEEBD33000-memory.dmpFilesize
10.1MB
-
memory/1080-116-0x00000000028D4000-0x00000000028D7000-memory.dmpFilesize
12KB
-
memory/1080-112-0x000007FEEA100000-0x000007FEEAC5D000-memory.dmpFilesize
11.4MB
-
memory/1080-83-0x0000000000000000-mapping.dmp
-
memory/1308-108-0x000007FEEB310000-0x000007FEEBD33000-memory.dmpFilesize
10.1MB
-
memory/1308-76-0x0000000000000000-mapping.dmp
-
memory/1308-120-0x0000000002644000-0x0000000002647000-memory.dmpFilesize
12KB
-
memory/1308-126-0x000007FEEA100000-0x000007FEEAC5D000-memory.dmpFilesize
11.4MB
-
memory/1324-122-0x0000000002514000-0x0000000002517000-memory.dmpFilesize
12KB
-
memory/1324-86-0x000007FEEB310000-0x000007FEEBD33000-memory.dmpFilesize
10.1MB
-
memory/1324-70-0x0000000000000000-mapping.dmp
-
memory/1324-129-0x000007FEEA100000-0x000007FEEAC5D000-memory.dmpFilesize
11.4MB
-
memory/1520-106-0x000007FEEB310000-0x000007FEEBD33000-memory.dmpFilesize
10.1MB
-
memory/1520-74-0x0000000000000000-mapping.dmp
-
memory/1520-114-0x0000000002290000-0x0000000002310000-memory.dmpFilesize
512KB
-
memory/1520-130-0x0000000002290000-0x0000000002310000-memory.dmpFilesize
512KB
-
memory/1520-110-0x000007FEEA100000-0x000007FEEAC5D000-memory.dmpFilesize
11.4MB
-
memory/1528-72-0x0000000000000000-mapping.dmp
-
memory/1528-104-0x000007FEEB310000-0x000007FEEBD33000-memory.dmpFilesize
10.1MB
-
memory/1528-115-0x00000000024F4000-0x00000000024F7000-memory.dmpFilesize
12KB
-
memory/1528-111-0x000007FEEA100000-0x000007FEEAC5D000-memory.dmpFilesize
11.4MB
-
memory/1540-71-0x0000000000000000-mapping.dmp
-
memory/1720-54-0x0000000000CF0000-0x00000000011E4000-memory.dmpFilesize
5.0MB
-
memory/1720-68-0x00000000004F0000-0x00000000004FC000-memory.dmpFilesize
48KB
-
memory/1720-58-0x0000000000430000-0x0000000000440000-memory.dmpFilesize
64KB
-
memory/1720-56-0x00000000002F0000-0x000000000030C000-memory.dmpFilesize
112KB
-
memory/1720-63-0x00000000004A0000-0x00000000004AA000-memory.dmpFilesize
40KB
-
memory/1720-59-0x0000000000440000-0x0000000000456000-memory.dmpFilesize
88KB
-
memory/1720-60-0x0000000000460000-0x0000000000470000-memory.dmpFilesize
64KB
-
memory/1720-57-0x0000000000310000-0x0000000000318000-memory.dmpFilesize
32KB
-
memory/1720-67-0x00000000004E0000-0x00000000004E8000-memory.dmpFilesize
32KB
-
memory/1720-55-0x000000001B460000-0x000000001B58E000-memory.dmpFilesize
1.2MB
-
memory/1720-66-0x00000000004D0000-0x00000000004D8000-memory.dmpFilesize
32KB
-
memory/1720-61-0x0000000000470000-0x000000000047A000-memory.dmpFilesize
40KB
-
memory/1720-62-0x0000000000480000-0x0000000000492000-memory.dmpFilesize
72KB
-
memory/1720-65-0x00000000004C0000-0x00000000004CE000-memory.dmpFilesize
56KB
-
memory/1720-64-0x00000000004B0000-0x00000000004BE000-memory.dmpFilesize
56KB
-
memory/1736-118-0x0000000002664000-0x0000000002667000-memory.dmpFilesize
12KB
-
memory/1736-124-0x000007FEEA100000-0x000007FEEAC5D000-memory.dmpFilesize
11.4MB
-
memory/1736-103-0x000007FEEB310000-0x000007FEEBD33000-memory.dmpFilesize
10.1MB
-
memory/1736-73-0x0000000000000000-mapping.dmp
-
memory/1804-84-0x0000000000000000-mapping.dmp
-
memory/1856-113-0x000007FEEA100000-0x000007FEEAC5D000-memory.dmpFilesize
11.4MB
-
memory/1856-117-0x0000000002814000-0x0000000002817000-memory.dmpFilesize
12KB
-
memory/1856-78-0x0000000000000000-mapping.dmp
-
memory/1856-102-0x000007FEEB310000-0x000007FEEBD33000-memory.dmpFilesize
10.1MB
-
memory/1972-69-0x0000000000000000-mapping.dmp
-
memory/1972-75-0x000007FEFC011000-0x000007FEFC013000-memory.dmpFilesize
8KB
-
memory/1972-121-0x0000000002734000-0x0000000002737000-memory.dmpFilesize
12KB
-
memory/1972-127-0x000007FEEA100000-0x000007FEEAC5D000-memory.dmpFilesize
11.4MB
-
memory/1972-90-0x000007FEEB310000-0x000007FEEBD33000-memory.dmpFilesize
10.1MB