Analysis
-
max time kernel
114s -
max time network
100s -
platform
windows7_x64 -
resource
win7-20221111-en -
resource tags
-
submitted
30-01-2023 02:12
General
-
Target
P3MKL.exe
-
Size
1.7MB
-
MD5
f812dea5ffd8ac4eb11cf366b7baccca
-
SHA1
f16dd261312b338f6a23b5a8a29ca649d9e36c4e
-
SHA256
b1304c0e84874b14b78436e3ca39321a10f1b6c67743a74eacd59e435be09292
-
SHA512
c22750b31fae4389e69d715d5ffbbb7e79c7d8294cc3ac9f40a6bdb1921517cb52eed4e8bad5535bf20d3527ba468a845e50f081ba9360f753969025c80d8237
-
SSDEEP
24576:t3QwuLyEbVoCtPreIjNLoN/VNGeSQDx1m17zezKOkCzeJGFUJ:tgwuuEpdDLNwVMeXDL0fdSzAG
Malware Config
Signatures
-
DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
-
Process spawned unexpected child process 12 IoCs
This typically indicates the parent process was compromised via an exploit or macro.
-
DCRat payload 5 IoCs
Detects payload of DCRat, commonly dropped by NSIS installers.
-
Drops file in Drivers directory 1 IoCs
-
Executes dropped EXE 2 IoCs
-
Drops file in Program Files directory 10 IoCs
-
Drops file in Windows directory 5 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Creates scheduled task(s) 1 TTPs 12 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 14 IoCs
-
Suspicious use of WriteProcessMemory 54 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\P3MKL.exe"C:\Users\Admin\AppData\Local\Temp\P3MKL.exe"1⤵
- Drops file in Drivers directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/'2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/MSOCache/'2⤵
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'2⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\oenbPsVKIi.bat"2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\w32tm.exew32tm /stripchart /computer:localhost /period:5 /dataonly /samples:23⤵
-
C:\Users\All Users\Desktop\taskhost.exe"C:\Users\All Users\Desktop\taskhost.exe"3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\5cc4de68-f6eb-437e-aea4-a9f4cfe4350c.vbs"4⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\All Users\Desktop\taskhost.exe"C:\Users\All Users\Desktop\taskhost.exe"5⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\WScript.exe"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\e4c454cc-2b81-473f-8e6d-3f49539acab5.vbs"4⤵
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 6 /tr "'C:\Windows\Migration\WTR\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Windows\Migration\WTR\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 12 /tr "'C:\Windows\Migration\WTR\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 8 /tr "'C:\Program Files\Google\explorer.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files\Google\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "explorere" /sc MINUTE /mo 12 /tr "'C:\Program Files\Google\explorer.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Microsoft Analysis Services\csrss.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft Analysis Services\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "csrssc" /sc MINUTE /mo 12 /tr "'C:\Program Files (x86)\Microsoft Analysis Services\csrss.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 7 /tr "'C:\Users\All Users\Desktop\taskhost.exe'" /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Users\All Users\Desktop\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
-
C:\Windows\system32\schtasks.exeschtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 13 /tr "'C:\Users\All Users\Desktop\taskhost.exe'" /rl HIGHEST /f1⤵
- Process spawned unexpected child process
- Creates scheduled task(s)
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Temp\5cc4de68-f6eb-437e-aea4-a9f4cfe4350c.vbsFilesize
715B
MD52110d44074542d34cf8d8df73119a2e7
SHA106e9d45900301f7d2dbfdf9d0e33be83e427055a
SHA2564b32a0a1b20f71e6cce5ac5e5a5036eea29aa42a565dc7b80938d9d9c0d85e1e
SHA512b277731c2395bcaa2dfc2840a543941561ecfa9181836b514ec1ffa8ddff9be74db6ca69fff691eb802792957f5ac2cbb77e1d32796b5ea96c40ef41b9e24dbb
-
C:\Users\Admin\AppData\Local\Temp\e4c454cc-2b81-473f-8e6d-3f49539acab5.vbsFilesize
491B
MD54b4a7706344b22e30918921d1eabf05a
SHA194fcae724876e816386fcf00e6f273b86bc4923e
SHA256e5e7753b1013b2a42633d42b89cbade70207ed3048b3ff98267444c944fb64a7
SHA51225846096751613881dc381eb151410a6624d8b00ca1f0a5667e762284e9f055e7c68594e6f08dc0ffb2b91578add364bd7813358295a148fd2f152868d1ab3b0
-
C:\Users\Admin\AppData\Local\Temp\oenbPsVKIi.batFilesize
204B
MD5068617a94c2595ec862247bf2c45ab69
SHA1e8d35c5e93ce8e44c909d7ec0480801f09acc02f
SHA256e27a4bc3f3d702fd86ed4db4be4b778b1c831fc6ff9ee4fa5380a3d4f5e7d668
SHA512c729b920d4c890dd566deb0da0e31bdfee05ae8e4f65fb5a0c2b368fe1565fbe03572134271e550e55a3b70ddc6f971b759c27185dc925318cc8c799347f382f
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD53f6b3a3d45cd90eb347118c7056dfa82
SHA1fb6c38cdfcd7c13e9d3069ad3046d653198d34fe
SHA2560380a196720ba59088342f8c9137419479f611ecc3c637b13c5e1393101c75f7
SHA512d5aed8c62c78db3783937b2a32502d17bedc1d6b854b88ff19206937d704b00e00e1590673948bc11b78b82bb681b4834ff185b37e9e5012afb745215d750035
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD53f6b3a3d45cd90eb347118c7056dfa82
SHA1fb6c38cdfcd7c13e9d3069ad3046d653198d34fe
SHA2560380a196720ba59088342f8c9137419479f611ecc3c637b13c5e1393101c75f7
SHA512d5aed8c62c78db3783937b2a32502d17bedc1d6b854b88ff19206937d704b00e00e1590673948bc11b78b82bb681b4834ff185b37e9e5012afb745215d750035
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD53f6b3a3d45cd90eb347118c7056dfa82
SHA1fb6c38cdfcd7c13e9d3069ad3046d653198d34fe
SHA2560380a196720ba59088342f8c9137419479f611ecc3c637b13c5e1393101c75f7
SHA512d5aed8c62c78db3783937b2a32502d17bedc1d6b854b88ff19206937d704b00e00e1590673948bc11b78b82bb681b4834ff185b37e9e5012afb745215d750035
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD53f6b3a3d45cd90eb347118c7056dfa82
SHA1fb6c38cdfcd7c13e9d3069ad3046d653198d34fe
SHA2560380a196720ba59088342f8c9137419479f611ecc3c637b13c5e1393101c75f7
SHA512d5aed8c62c78db3783937b2a32502d17bedc1d6b854b88ff19206937d704b00e00e1590673948bc11b78b82bb681b4834ff185b37e9e5012afb745215d750035
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD53f6b3a3d45cd90eb347118c7056dfa82
SHA1fb6c38cdfcd7c13e9d3069ad3046d653198d34fe
SHA2560380a196720ba59088342f8c9137419479f611ecc3c637b13c5e1393101c75f7
SHA512d5aed8c62c78db3783937b2a32502d17bedc1d6b854b88ff19206937d704b00e00e1590673948bc11b78b82bb681b4834ff185b37e9e5012afb745215d750035
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD53f6b3a3d45cd90eb347118c7056dfa82
SHA1fb6c38cdfcd7c13e9d3069ad3046d653198d34fe
SHA2560380a196720ba59088342f8c9137419479f611ecc3c637b13c5e1393101c75f7
SHA512d5aed8c62c78db3783937b2a32502d17bedc1d6b854b88ff19206937d704b00e00e1590673948bc11b78b82bb681b4834ff185b37e9e5012afb745215d750035
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD53f6b3a3d45cd90eb347118c7056dfa82
SHA1fb6c38cdfcd7c13e9d3069ad3046d653198d34fe
SHA2560380a196720ba59088342f8c9137419479f611ecc3c637b13c5e1393101c75f7
SHA512d5aed8c62c78db3783937b2a32502d17bedc1d6b854b88ff19206937d704b00e00e1590673948bc11b78b82bb681b4834ff185b37e9e5012afb745215d750035
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD53f6b3a3d45cd90eb347118c7056dfa82
SHA1fb6c38cdfcd7c13e9d3069ad3046d653198d34fe
SHA2560380a196720ba59088342f8c9137419479f611ecc3c637b13c5e1393101c75f7
SHA512d5aed8c62c78db3783937b2a32502d17bedc1d6b854b88ff19206937d704b00e00e1590673948bc11b78b82bb681b4834ff185b37e9e5012afb745215d750035
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD53f6b3a3d45cd90eb347118c7056dfa82
SHA1fb6c38cdfcd7c13e9d3069ad3046d653198d34fe
SHA2560380a196720ba59088342f8c9137419479f611ecc3c637b13c5e1393101c75f7
SHA512d5aed8c62c78db3783937b2a32502d17bedc1d6b854b88ff19206937d704b00e00e1590673948bc11b78b82bb681b4834ff185b37e9e5012afb745215d750035
-
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-msFilesize
7KB
MD53f6b3a3d45cd90eb347118c7056dfa82
SHA1fb6c38cdfcd7c13e9d3069ad3046d653198d34fe
SHA2560380a196720ba59088342f8c9137419479f611ecc3c637b13c5e1393101c75f7
SHA512d5aed8c62c78db3783937b2a32502d17bedc1d6b854b88ff19206937d704b00e00e1590673948bc11b78b82bb681b4834ff185b37e9e5012afb745215d750035
-
C:\Users\All Users\Desktop\taskhost.exeFilesize
1.7MB
MD5122cdd121acbf91be9acd379eed02c89
SHA13215224950ca0bdf48758dbcce799f9fa7488365
SHA25602756b3f030ca68f2e57eecf4f3687261fedda9c47f3dd5613837a1ac399e4a9
SHA51280c86f651e748a2c328baeb6093303085a5863b87cadb250fdc9f7a84b2b5bd3bf52236c66832ecfca16950067e5aa9bafe6304495ffee005f7a7ff1d970941a
-
C:\Users\Public\Desktop\taskhost.exeFilesize
1.7MB
MD5122cdd121acbf91be9acd379eed02c89
SHA13215224950ca0bdf48758dbcce799f9fa7488365
SHA25602756b3f030ca68f2e57eecf4f3687261fedda9c47f3dd5613837a1ac399e4a9
SHA51280c86f651e748a2c328baeb6093303085a5863b87cadb250fdc9f7a84b2b5bd3bf52236c66832ecfca16950067e5aa9bafe6304495ffee005f7a7ff1d970941a
-
C:\Users\Public\Desktop\taskhost.exeFilesize
1.7MB
MD5122cdd121acbf91be9acd379eed02c89
SHA13215224950ca0bdf48758dbcce799f9fa7488365
SHA25602756b3f030ca68f2e57eecf4f3687261fedda9c47f3dd5613837a1ac399e4a9
SHA51280c86f651e748a2c328baeb6093303085a5863b87cadb250fdc9f7a84b2b5bd3bf52236c66832ecfca16950067e5aa9bafe6304495ffee005f7a7ff1d970941a
-
\??\PIPE\srvsvcMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/288-159-0x00000000026AB000-0x00000000026CA000-memory.dmpFilesize
124KB
-
memory/288-133-0x000007FEE9D00000-0x000007FEEA85D000-memory.dmpFilesize
11.4MB
-
memory/288-149-0x00000000026AB000-0x00000000026CA000-memory.dmpFilesize
124KB
-
memory/288-115-0x000007FEEB7B0000-0x000007FEEC1D3000-memory.dmpFilesize
10.1MB
-
memory/288-127-0x00000000026A4000-0x00000000026A7000-memory.dmpFilesize
12KB
-
memory/288-82-0x0000000000000000-mapping.dmp
-
memory/288-142-0x000000001B870000-0x000000001BB6F000-memory.dmpFilesize
3.0MB
-
memory/288-141-0x00000000026A4000-0x00000000026A7000-memory.dmpFilesize
12KB
-
memory/288-158-0x00000000026A4000-0x00000000026A7000-memory.dmpFilesize
12KB
-
memory/296-135-0x000007FEE9D00000-0x000007FEEA85D000-memory.dmpFilesize
11.4MB
-
memory/296-128-0x0000000002614000-0x0000000002617000-memory.dmpFilesize
12KB
-
memory/296-145-0x000000001B910000-0x000000001BC0F000-memory.dmpFilesize
3.0MB
-
memory/296-76-0x0000000000000000-mapping.dmp
-
memory/296-165-0x000000000261B000-0x000000000263A000-memory.dmpFilesize
124KB
-
memory/296-112-0x000007FEEB7B0000-0x000007FEEC1D3000-memory.dmpFilesize
10.1MB
-
memory/296-153-0x000000000261B000-0x000000000263A000-memory.dmpFilesize
124KB
-
memory/296-162-0x0000000002614000-0x0000000002617000-memory.dmpFilesize
12KB
-
memory/324-167-0x00000000028FB000-0x000000000291A000-memory.dmpFilesize
124KB
-
memory/324-160-0x00000000028FB000-0x000000000291A000-memory.dmpFilesize
124KB
-
memory/324-169-0x00000000028F4000-0x00000000028F7000-memory.dmpFilesize
12KB
-
memory/324-81-0x0000000000000000-mapping.dmp
-
memory/324-136-0x000007FEE9D00000-0x000007FEEA85D000-memory.dmpFilesize
11.4MB
-
memory/324-147-0x000000001B7D0000-0x000000001BACF000-memory.dmpFilesize
3.0MB
-
memory/324-126-0x00000000028F4000-0x00000000028F7000-memory.dmpFilesize
12KB
-
memory/324-116-0x000007FEEB7B0000-0x000007FEEC1D3000-memory.dmpFilesize
10.1MB
-
memory/472-190-0x000007FEEC200000-0x000007FEECC23000-memory.dmpFilesize
10.1MB
-
memory/472-192-0x000007FEE9D00000-0x000007FEEA85D000-memory.dmpFilesize
11.4MB
-
memory/472-193-0x0000000002230000-0x00000000022B0000-memory.dmpFilesize
512KB
-
memory/472-194-0x000000001B6E0000-0x000000001B9DF000-memory.dmpFilesize
3.0MB
-
memory/472-74-0x0000000000000000-mapping.dmp
-
memory/608-163-0x000000000274B000-0x000000000276A000-memory.dmpFilesize
124KB
-
memory/608-124-0x0000000002744000-0x0000000002747000-memory.dmpFilesize
12KB
-
memory/608-172-0x0000000002744000-0x0000000002747000-memory.dmpFilesize
12KB
-
memory/608-173-0x000000000274B000-0x000000000276A000-memory.dmpFilesize
124KB
-
memory/608-71-0x0000000000000000-mapping.dmp
-
memory/608-137-0x000007FEE9D00000-0x000007FEEA85D000-memory.dmpFilesize
11.4MB
-
memory/608-91-0x000007FEEB7B0000-0x000007FEEC1D3000-memory.dmpFilesize
10.1MB
-
memory/608-80-0x000007FEFB5D1000-0x000007FEFB5D3000-memory.dmpFilesize
8KB
-
memory/680-181-0x0000000002504000-0x0000000002507000-memory.dmpFilesize
12KB
-
memory/680-75-0x0000000000000000-mapping.dmp
-
memory/680-185-0x000000001B700000-0x000000001B9FF000-memory.dmpFilesize
3.0MB
-
memory/680-180-0x000007FEE91A0000-0x000007FEE9CFD000-memory.dmpFilesize
11.4MB
-
memory/680-179-0x000007FEEC200000-0x000007FEECC23000-memory.dmpFilesize
10.1MB
-
memory/680-191-0x0000000002504000-0x0000000002507000-memory.dmpFilesize
12KB
-
memory/680-189-0x000000000250B000-0x000000000252A000-memory.dmpFilesize
124KB
-
memory/828-73-0x0000000000000000-mapping.dmp
-
memory/912-77-0x0000000000000000-mapping.dmp
-
memory/912-125-0x0000000002924000-0x0000000002927000-memory.dmpFilesize
12KB
-
memory/912-170-0x0000000002924000-0x0000000002927000-memory.dmpFilesize
12KB
-
memory/912-171-0x000000000292B000-0x000000000294A000-memory.dmpFilesize
124KB
-
memory/912-117-0x000007FEEB7B0000-0x000007FEEC1D3000-memory.dmpFilesize
10.1MB
-
memory/912-155-0x000000000292B000-0x000000000294A000-memory.dmpFilesize
124KB
-
memory/912-148-0x000000001B7E0000-0x000000001BADF000-memory.dmpFilesize
3.0MB
-
memory/912-138-0x000007FEE9D00000-0x000007FEEA85D000-memory.dmpFilesize
11.4MB
-
memory/960-178-0x00000000027E4000-0x00000000027E7000-memory.dmpFilesize
12KB
-
memory/960-182-0x000000001B830000-0x000000001BB2F000-memory.dmpFilesize
3.0MB
-
memory/960-176-0x000007FEE91A0000-0x000007FEE9CFD000-memory.dmpFilesize
11.4MB
-
memory/960-175-0x000007FEEC200000-0x000007FEECC23000-memory.dmpFilesize
10.1MB
-
memory/960-79-0x0000000000000000-mapping.dmp
-
memory/960-184-0x00000000027E4000-0x00000000027E7000-memory.dmpFilesize
12KB
-
memory/960-186-0x00000000027EB000-0x000000000280A000-memory.dmpFilesize
124KB
-
memory/960-183-0x00000000027EB000-0x000000000280A000-memory.dmpFilesize
124KB
-
memory/1504-168-0x000000000288B000-0x00000000028AA000-memory.dmpFilesize
124KB
-
memory/1504-166-0x0000000002884000-0x0000000002887000-memory.dmpFilesize
12KB
-
memory/1504-78-0x0000000000000000-mapping.dmp
-
memory/1504-146-0x000000001B730000-0x000000001BA2F000-memory.dmpFilesize
3.0MB
-
memory/1504-113-0x000007FEEB7B0000-0x000007FEEC1D3000-memory.dmpFilesize
10.1MB
-
memory/1504-131-0x0000000002884000-0x0000000002887000-memory.dmpFilesize
12KB
-
memory/1504-139-0x000007FEE9D00000-0x000007FEEA85D000-memory.dmpFilesize
11.4MB
-
memory/1504-154-0x000000000288B000-0x00000000028AA000-memory.dmpFilesize
124KB
-
memory/1532-55-0x0000000000A00000-0x0000000000A1C000-memory.dmpFilesize
112KB
-
memory/1532-69-0x000000001B286000-0x000000001B2A5000-memory.dmpFilesize
124KB
-
memory/1532-62-0x0000000002020000-0x0000000002028000-memory.dmpFilesize
32KB
-
memory/1532-106-0x000000001B286000-0x000000001B2A5000-memory.dmpFilesize
124KB
-
memory/1532-63-0x0000000002030000-0x000000000203C000-memory.dmpFilesize
48KB
-
memory/1532-56-0x0000000000880000-0x0000000000888000-memory.dmpFilesize
32KB
-
memory/1532-57-0x0000000000A20000-0x0000000000A30000-memory.dmpFilesize
64KB
-
memory/1532-58-0x0000000000A30000-0x0000000000A46000-memory.dmpFilesize
88KB
-
memory/1532-59-0x0000000000A50000-0x0000000000A62000-memory.dmpFilesize
72KB
-
memory/1532-61-0x0000000002050000-0x000000000205C000-memory.dmpFilesize
48KB
-
memory/1532-68-0x00000000020A0000-0x00000000020AC000-memory.dmpFilesize
48KB
-
memory/1532-64-0x0000000002070000-0x000000000207C000-memory.dmpFilesize
48KB
-
memory/1532-54-0x0000000000A60000-0x0000000000C16000-memory.dmpFilesize
1.7MB
-
memory/1532-67-0x0000000002090000-0x000000000209C000-memory.dmpFilesize
48KB
-
memory/1532-60-0x0000000002040000-0x0000000002050000-memory.dmpFilesize
64KB
-
memory/1532-66-0x0000000002080000-0x0000000002088000-memory.dmpFilesize
32KB
-
memory/1532-65-0x0000000002060000-0x000000000206A000-memory.dmpFilesize
40KB
-
memory/1612-157-0x00000000022AB000-0x00000000022CA000-memory.dmpFilesize
124KB
-
memory/1612-143-0x000000001B900000-0x000000001BBFF000-memory.dmpFilesize
3.0MB
-
memory/1612-121-0x00000000022A4000-0x00000000022A7000-memory.dmpFilesize
12KB
-
memory/1612-120-0x000007FEE9D00000-0x000007FEEA85D000-memory.dmpFilesize
11.4MB
-
memory/1612-94-0x000007FEEB7B0000-0x000007FEEC1D3000-memory.dmpFilesize
10.1MB
-
memory/1612-156-0x00000000022A4000-0x00000000022A7000-memory.dmpFilesize
12KB
-
memory/1612-70-0x0000000000000000-mapping.dmp
-
memory/1612-150-0x00000000022AB000-0x00000000022CA000-memory.dmpFilesize
124KB
-
memory/1784-100-0x0000000000000000-mapping.dmp
-
memory/1792-132-0x000007FEE9D00000-0x000007FEEA85D000-memory.dmpFilesize
11.4MB
-
memory/1792-164-0x000000000271B000-0x000000000273A000-memory.dmpFilesize
124KB
-
memory/1792-140-0x0000000002714000-0x0000000002717000-memory.dmpFilesize
12KB
-
memory/1792-107-0x000007FEEB7B0000-0x000007FEEC1D3000-memory.dmpFilesize
10.1MB
-
memory/1792-72-0x0000000000000000-mapping.dmp
-
memory/1792-144-0x000000001B8D0000-0x000000001BBCF000-memory.dmpFilesize
3.0MB
-
memory/1792-161-0x0000000002714000-0x0000000002717000-memory.dmpFilesize
12KB
-
memory/1792-151-0x000000000271B000-0x000000000273A000-memory.dmpFilesize
124KB
-
memory/1792-123-0x0000000002714000-0x0000000002717000-memory.dmpFilesize
12KB
-
memory/1920-196-0x0000000000000000-mapping.dmp
-
memory/2144-105-0x0000000000000000-mapping.dmp
-
memory/2184-111-0x0000000000DF0000-0x0000000000FA6000-memory.dmpFilesize
1.7MB
-
memory/2184-114-0x0000000000540000-0x0000000000552000-memory.dmpFilesize
72KB
-
memory/2184-109-0x0000000000000000-mapping.dmp
-
memory/2184-134-0x000000001B1A6000-0x000000001B1C5000-memory.dmpFilesize
124KB
-
memory/2184-118-0x000000001B1A6000-0x000000001B1C5000-memory.dmpFilesize
124KB
-
memory/2184-195-0x000000001B1A6000-0x000000001B1C5000-memory.dmpFilesize
124KB
-
memory/2392-119-0x0000000000000000-mapping.dmp
-
memory/2424-122-0x0000000000000000-mapping.dmp