Overview

overview

10

Static

static

10

951ad9f829...ba.exe

windows7-x64

10

951ad9f829...ba.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    139s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
  • submitted
    17/05/2024, 01:38

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    951ad9f829662e6fb80e7a1b8f4eaa3de47c225388b26d3bd19d05c54d2f9eba.exe

  • Size

    2.0MB

  • MD5

    7a92d788bf63e3e0446c25e4b7dd3f9a

  • SHA1

    482860a3d765b91779840f3510690a4130fcfdc4

  • SHA256

    951ad9f829662e6fb80e7a1b8f4eaa3de47c225388b26d3bd19d05c54d2f9eba

  • SHA512

    171d61faaa7812c4045d6a552a4e166786ab2c11cd89ac89adcc545a2222e0c81e880de4b4eba2118f0df5716ab54591c84ab852bd47f9bc57f6b26dd1eb034a

  • SSDEEP

    24576:kn2XTCHM4xT9V3XzsHhVmatCELYIXVelAtgbHHd:SaTUv0jmtEttc

Score
10/10
dcratinfostealerpersistencerat

Malware Config

Signatures

  • DcRat 41 IoCs

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Modifies WinLogon for persistence 2 TTPs 13 IoCs
    persistence
  • Process spawned unexpected child process 39 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • DCRat payload 11 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat
  • Detects executables containing bas64 encoded gzip files 11 IoCs
  • Detects executables packed with SmartAssembly 3 IoCs
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 1 IoCs
  • Adds Run key to start application 2 TTPs 26 IoCs
    persistence
  • Drops file in Program Files directory 36 IoCs
  • Drops file in Windows directory 17 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Creates scheduled task(s) 1 TTPs 39 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 38 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 2 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\951ad9f829662e6fb80e7a1b8f4eaa3de47c225388b26d3bd19d05c54d2f9eba.exe
    "C:\Users\Admin\AppData\Local\Temp\951ad9f829662e6fb80e7a1b8f4eaa3de47c225388b26d3bd19d05c54d2f9eba.exe"
    1⤵
    • DcRat
    • Modifies WinLogon for persistence
    • Checks computer location settings
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:1480
    • C:\Windows\GameBarPresenceWriter\sihost.exe
      "C:\Windows\GameBarPresenceWriter\sihost.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:4848
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "servicess" /sc MINUTE /mo 6 /tr "'C:\Program Files\Common Files\services.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2688
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Program Files\Common Files\services.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:696
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "servicess" /sc MINUTE /mo 11 /tr "'C:\Program Files\Common Files\services.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:336
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Google\winlogon.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1444
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "winlogon" /sc ONLOGON /tr "'C:\Program Files (x86)\Google\winlogon.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1216
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "winlogonw" /sc MINUTE /mo 10 /tr "'C:\Program Files (x86)\Google\winlogon.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1508
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 11 /tr "'C:\Windows\GameBarPresenceWriter\sihost.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2180
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sihost" /sc ONLOGON /tr "'C:\Windows\GameBarPresenceWriter\sihost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:3924
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sihosts" /sc MINUTE /mo 10 /tr "'C:\Windows\GameBarPresenceWriter\sihost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:4860
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 5 /tr "'C:\Windows\SoftwareDistribution\Download\sppsvc.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:4356
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Windows\SoftwareDistribution\Download\sppsvc.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:5060
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 9 /tr "'C:\Windows\SoftwareDistribution\Download\sppsvc.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:3588
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 6 /tr "'C:\Users\Public\Pictures\csrss.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:4092
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Users\Public\Pictures\csrss.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:3692
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 9 /tr "'C:\Users\Public\Pictures\csrss.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2684
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 9 /tr "'C:\Program Files\Windows Defender\uk-UA\backgroundTaskHost.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:536
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "backgroundTaskHost" /sc ONLOGON /tr "'C:\Program Files\Windows Defender\uk-UA\backgroundTaskHost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2996
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "backgroundTaskHostb" /sc MINUTE /mo 5 /tr "'C:\Program Files\Windows Defender\uk-UA\backgroundTaskHost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2828
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 11 /tr "'C:\Program Files\7-Zip\Lang\sppsvc.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:4412
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sppsvc" /sc ONLOGON /tr "'C:\Program Files\7-Zip\Lang\sppsvc.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1876
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "sppsvcs" /sc MINUTE /mo 14 /tr "'C:\Program Files\7-Zip\Lang\sppsvc.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:4504
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 7 /tr "'C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\lsass.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:4688
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\lsass.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1488
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 13 /tr "'C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\lsass.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2220
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 5 /tr "'C:\Program Files (x86)\Windows Portable Devices\dllhost.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:4952
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Portable Devices\dllhost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:4772
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Windows Portable Devices\dllhost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:444
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Reference Assemblies\fontdrvhost.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:4028
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "fontdrvhost" /sc ONLOGON /tr "'C:\Program Files (x86)\Reference Assemblies\fontdrvhost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:3452
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "fontdrvhostf" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Reference Assemblies\fontdrvhost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:3440
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 14 /tr "'C:\Windows\Downloaded Program Files\dllhost.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:5108
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Windows\Downloaded Program Files\dllhost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1796
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 8 /tr "'C:\Windows\Downloaded Program Files\dllhost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2864
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 10 /tr "'C:\Program Files\Windows Media Player\dllhost.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2156
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dllhost" /sc ONLOGON /tr "'C:\Program Files\Windows Media Player\dllhost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:3688
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "dllhostd" /sc MINUTE /mo 14 /tr "'C:\Program Files\Windows Media Player\dllhost.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:4540
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 14 /tr "'C:\Recovery\WindowsRE\spoolsv.exe'" /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2292
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Recovery\WindowsRE\spoolsv.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:2536
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 7 /tr "'C:\Recovery\WindowsRE\spoolsv.exe'" /rl HIGHEST /f
    1⤵
    • DcRat
    • Process spawned unexpected child process
    • Creates scheduled task(s)
    PID:1044

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files (x86)\Google\winlogon.exe
    Filesize

    2.0MB

    MD5

    c03024ff7d58a4baff1b40a77ddd673c

    SHA1

    643629b25534535ff882077d87f81c07f922beb9

    SHA256

    c12023087cbf371548ef0e6ff0fac6a8b87f5d0a208ac59eedddb8cbe646c9e2

    SHA512

    308e2ee8020aab856ddba7f34b4cd91e3a2c2ac4741a229a7204fd16f5737b7b569ab4bf7f9348c63fa0ea7b5436da6e9f76f1217675700ab0e3aa9c2f618916

    Download Submit

  • C:\Program Files (x86)\Reference Assemblies\fontdrvhost.exe
    Filesize

    2.0MB

    MD5

    b1dde1fd67a9bf7977d3dee14208713b

    SHA1

    0477648014c687fce729872496012ad868eea768

    SHA256

    9aa6c4396dd3a46c8edca8eb502b6adab638bb004febb7b3b3a1169d9cc983d4

    SHA512

    316656892997900a5790bd2782b71d3ca40139ed085edfad0f0b4ec3954937d6036484d0cc3c457eea4cf4e02833b49d071245bb67a89c77e7271e48a1eb3b3a

    Download Submit

  • C:\Program Files (x86)\Windows Portable Devices\dllhost.exe
    Filesize

    2.0MB

    MD5

    c87e8c43ca46ec4b38af20d79a7d7f02

    SHA1

    36539d4f6c0407b3d289fbba229f8b021bc89a80

    SHA256

    e21f8823db4ea2c0ff606ab40a0e2454cea52e19adde47214320ccb885e50869

    SHA512

    dccdf8b94688b5cac0095c4723091c797daa7f85599eff83e6119978f1644add11e3397be67addd939ef9812fc122ad5b78f49aee0133f778432d78054951a2e

    Download Submit

  • C:\Program Files\7-Zip\Lang\sppsvc.exe
    Filesize

    2.0MB

    MD5

    1382b470dac7f0131e5f51c9a26a57dc

    SHA1

    5ec604e018979d89fa00a1bb1ad84957815cc3a7

    SHA256

    25e7eb7e7d4698b7d3444ce67ac48d2ce725654f313644e934905d5117378bf9

    SHA512

    404f779f059cdbc909ba36d2ccd6f58a8d894d0f31934d06a5e186c2fd41079c83c42c9d7d50176fe7fe2bfe85a5d787642f642cf340a42d9b918516e52fa797

    Download Submit

  • C:\Program Files\Windows Defender\uk-UA\backgroundTaskHost.exe
    Filesize

    2.0MB

    MD5

    5617d8a4d168defbccf1ae857675e214

    SHA1

    fe7284981ed21a244324525fb5a42bf9907f7b6d

    SHA256

    bc891e9d2d7d396d59af2e66c22c20229dcfbbc7eb1c9782d191b7640b336a24

    SHA512

    c6a1729f6cc00a8be4514d52617e4de7de0dee95c87300a13e8199308d1d9f9a6386ca6a0ab8e2e92ae910f3232f1225b80ff31a9c1205116bd8669ae1a0b219

    Download Submit

  • C:\Program Files\Windows Media Player\dllhost.exe
    Filesize

    2.0MB

    MD5

    89f4f31cad843d18be12ad87fa44ab83

    SHA1

    e056afb389c366bf988bf1756e294ec71f3b6887

    SHA256

    151391586e64bae9f78f6ba8b0d325febf1afdfacb576bd91cbeaab46fe2e273

    SHA512

    4fb2f59c72248476273836f7a5e4a23069eb86f46b1f7c06cf9103c0815d9729d83f2d1a56622e24f4744c314b1357928ea09486ba5340a12a198ed65688a972

    Download Submit

  • C:\Users\Public\Pictures\csrss.exe
    Filesize

    2.0MB

    MD5

    7a92d788bf63e3e0446c25e4b7dd3f9a

    SHA1

    482860a3d765b91779840f3510690a4130fcfdc4

    SHA256

    951ad9f829662e6fb80e7a1b8f4eaa3de47c225388b26d3bd19d05c54d2f9eba

    SHA512

    171d61faaa7812c4045d6a552a4e166786ab2c11cd89ac89adcc545a2222e0c81e880de4b4eba2118f0df5716ab54591c84ab852bd47f9bc57f6b26dd1eb034a

    Download Submit

  • C:\Windows\GameBarPresenceWriter\sihost.exe
    Filesize

    2.0MB

    MD5

    42a3309404968b1db33f1b00b15984cf

    SHA1

    9f419520d7a8cbd62d4af83f2d8f36ca6df8f4ff

    SHA256

    84b3df302c5fa7bf031e9031a8c8a857b11af7603f33ab7681fdbd98e400d705

    SHA512

    9941103c378640407bafa2025f7eb73798e1662708dd5fb29cdafbf6883b047f9d59399cc7a42b934f2b03787ff2183bc4ed2d1473fc4489fad9ad36e0e34073

    Download Submit

  • C:\Windows\SystemApps\Microsoft.ECApp_8wekyb3d8bbwe\lsass.exe
    Filesize

    2.0MB

    MD5

    26e0bd39107933e7442f205e49206331

    SHA1

    228ddf9f46ed5fa5428d161b7751f05d647b83e2

    SHA256

    9fd04fe08b58bc95afd51751c70b64ac1a1ad33c4027bb3aeb272a0505cbf1af

    SHA512

    8970ff9dacd1db762ed93fc5a93507c24c76925d919fd08e6a107c9c68af1f6b94c545a5eb0379ed7466d3461fd2d0a6034d69e22b2ace5e8a6dbfd38047c64d

    Download Submit

  • memory/1480-8-0x000000001B680000-0x000000001B6D6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1480-0-0x00007FFAFCB13000-0x00007FFAFCB15000-memory.dmp

    Filesize

    8KB

    Download

  • memory/1480-13-0x000000001B620000-0x000000001B62E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1480-12-0x000000001B610000-0x000000001B61E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/1480-10-0x000000001B0C0000-0x000000001B0CC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1480-14-0x000000001B6D0000-0x000000001B6DA000-memory.dmp

    Filesize

    40KB

    Download

  • memory/1480-9-0x00000000026D0000-0x00000000026DC000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1480-5-0x00000000026B0000-0x00000000026B8000-memory.dmp

    Filesize

    32KB

    Download

  • memory/1480-7-0x000000001B5E0000-0x000000001B5F6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/1480-11-0x000000001B600000-0x000000001B60C000-memory.dmp

    Filesize

    48KB

    Download

  • memory/1480-6-0x00000000026C0000-0x00000000026D0000-memory.dmp

    Filesize

    64KB

    Download

  • memory/1480-4-0x000000001B630000-0x000000001B680000-memory.dmp

    Filesize

    320KB

    Download

  • memory/1480-3-0x00000000024E0000-0x00000000024FC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/1480-2-0x00007FFAFCB10000-0x00007FFAFD5D1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/1480-1-0x0000000000260000-0x000000000046C000-memory.dmp

    Filesize

    2.0MB

    Download

  • memory/1480-241-0x00007FFAFCB10000-0x00007FFAFD5D1000-memory.dmp

    Filesize

    10.8MB

    Download

  • memory/4848-242-0x0000000000F80000-0x000000000118C000-memory.dmp

    Filesize

    2.0MB

    Download