dcrat | 74b9b6e1e63cca5ba910a43e796597efd689675c01128a9ac26a6cd7e297766f

Analysis

max time kernel
32s
max time network
16s
platform
windows7_x64
resource
win7-20240903-en
resource tags

arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
submitted
17-12-2024 23:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Fatality.rar
Size

19.9MB
MD5

b60d035b8bedec4e63eb8b3426e43bfb
SHA1

463be6fb7f77f5894ae6b667ffef26df31410b3b
SHA256

74b9b6e1e63cca5ba910a43e796597efd689675c01128a9ac26a6cd7e297766f
SHA512

0ba5c1c2796d2e747090850df1444e0ed083ad7f90604f86e13e36e05c8f54f407e5b85ab5b3115bb03f7060b3eedaabfc2955ee9ad6746d6e8a7ed2435792d0
SSDEEP

393216:q3OBj0xeAiZ2gQOMwrIoHVZaYVMRInHuNJ6gUS6+YxxthVvckj58/frFdwCgGmMr:+OBox2bMgPH/aYqRInHuNJ6zLNxzvckW

Score

10^/10

dcrat discovery evasion infostealer rat trojan

Malware Config

Signatures

DcRat
DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.
rat infostealer dcrat
Dcrat family
dcrat

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	WLsuO5XICEW6.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	WLsuO5XICEW6.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	WLsuO5XICEW6.exe

Executes dropped EXE 5 IoCs

pid	Process
1740	Fatalitycrack.exe
2752	WLsuO5XICEW6.exe
2756	DCRatBuild.exe
816	Surrogatedhcp.exe
3492	audiodg.exe

Loads dropped DLL 3 IoCs

pid	Process
1740	Fatalitycrack.exe
2644	cmd.exe
2644	cmd.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	WLsuO5XICEW6.exe

Drops file in Program Files directory 3 IoCs

description	ioc	Process
File created	C:\Program Files\Windows Defender\en-US\winlogon.exe	Surrogatedhcp.exe
File opened for modification	C:\Program Files\Windows Defender\en-US\winlogon.exe	Surrogatedhcp.exe
File created	C:\Program Files\Windows Defender\en-US\cc11b995f2a76d	Surrogatedhcp.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\Globalization\Sorting\lsm.exe	Surrogatedhcp.exe
File created	C:\Windows\Globalization\Sorting\101b941d020240	Surrogatedhcp.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DCRatBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WScript.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2100	7zFM.exe
2100	7zFM.exe
2100	7zFM.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe
816	Surrogatedhcp.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2100	7zFM.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	2100	7zFM.exe
Token: 35	2100	7zFM.exe
Token: SeSecurityPrivilege	2100	7zFM.exe
Token: SeDebugPrivilege	816	Surrogatedhcp.exe
Token: SeDebugPrivilege	3492	audiodg.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2100	7zFM.exe
2100	7zFM.exe
2100	7zFM.exe

Suspicious use of WriteProcessMemory 34 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 1740	2100	7zFM.exe	30
PID 2100 wrote to memory of 1740	2100	7zFM.exe	30
PID 2100 wrote to memory of 1740	2100	7zFM.exe	30
PID 1740 wrote to memory of 2752	1740	Fatalitycrack.exe	32
PID 1740 wrote to memory of 2752	1740	Fatalitycrack.exe	32
PID 1740 wrote to memory of 2752	1740	Fatalitycrack.exe	32
PID 1740 wrote to memory of 2756	1740	Fatalitycrack.exe	33
PID 1740 wrote to memory of 2756	1740	Fatalitycrack.exe	33
PID 1740 wrote to memory of 2756	1740	Fatalitycrack.exe	33
PID 1740 wrote to memory of 2756	1740	Fatalitycrack.exe	33
PID 2756 wrote to memory of 2776	2756	DCRatBuild.exe	34
PID 2756 wrote to memory of 2776	2756	DCRatBuild.exe	34
PID 2756 wrote to memory of 2776	2756	DCRatBuild.exe	34
PID 2756 wrote to memory of 2776	2756	DCRatBuild.exe	34
PID 2776 wrote to memory of 2644	2776	WScript.exe	35
PID 2776 wrote to memory of 2644	2776	WScript.exe	35
PID 2776 wrote to memory of 2644	2776	WScript.exe	35
PID 2776 wrote to memory of 2644	2776	WScript.exe	35
PID 2644 wrote to memory of 816	2644	cmd.exe	37
PID 2644 wrote to memory of 816	2644	cmd.exe	37
PID 2644 wrote to memory of 816	2644	cmd.exe	37
PID 2644 wrote to memory of 816	2644	cmd.exe	37
PID 816 wrote to memory of 3436	816	Surrogatedhcp.exe	38
PID 816 wrote to memory of 3436	816	Surrogatedhcp.exe	38
PID 816 wrote to memory of 3436	816	Surrogatedhcp.exe	38
PID 3436 wrote to memory of 3472	3436	cmd.exe	40
PID 3436 wrote to memory of 3472	3436	cmd.exe	40
PID 3436 wrote to memory of 3472	3436	cmd.exe	40
PID 3436 wrote to memory of 3480	3436	cmd.exe	41
PID 3436 wrote to memory of 3480	3436	cmd.exe	41
PID 3436 wrote to memory of 3480	3436	cmd.exe	41
PID 3436 wrote to memory of 3492	3436	cmd.exe	42
PID 3436 wrote to memory of 3492	3436	cmd.exe	42
PID 3436 wrote to memory of 3492	3436	cmd.exe	42

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Fatality.rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Users\Admin\AppData\Local\Temp\7zO4388D8A6\Fatalitycrack.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO4388D8A6\Fatalitycrack.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\WLsuO5XICEW6.exe
    "C:\Users\Admin\AppData\Local\Temp\WLsuO5XICEW6.exe"
    3⤵
    - Identifies VirtualBox via ACPI registry values (likely anti-VM)
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    PID:2752
- - C:\Users\Admin\AppData\Local\Temp\DCRatBuild.exe
    "C:\Users\Admin\AppData\Local\Temp\DCRatBuild.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Windows\SysWOW64\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\hypercomContainerComponentBroker\r6TN6dk8TN3cL4WmNNVKK2fqXDLdR59uhO2PJSNvjmngKwbXk.vbe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:2776
    - - C:\Windows\SysWOW64\cmd.exe
        
        cmd /c ""C:\hypercomContainerComponentBroker\zSGDNMBpHStdT.bat" "
        5⤵
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of WriteProcessMemory
        
        PID:2644
      - C:\hypercomContainerComponentBroker\Surrogatedhcp.exe
        
        "C:\hypercomContainerComponentBroker/Surrogatedhcp.exe"
        6⤵
        Executes dropped EXE
        Drops file in Program Files directory
        Drops file in Windows directory
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:816
        
        C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\CNFDHLzW5h.bat"
        7⤵
        Suspicious use of WriteProcessMemory
        
        PID:3436
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        8⤵
        
        PID:3472
        
        C:\Windows\system32\w32tm.exe
        
        w32tm /stripchart /computer:localhost /period:5 /dataonly /samples:2
        8⤵
        
        PID:3480
        
        C:\hypercomContainerComponentBroker\audiodg.exe
        
        "C:\hypercomContainerComponentBroker\audiodg.exe"
        8⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:3492

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7zO4388D8A6\Fatalitycrack.exe

Filesize
19.4MB

MD5
d031a36d3a08a1b2656c16f68af11dac

SHA1
543a1dccce2780c8de7e095179b0ffbc4dd6e8d3

SHA256
fa4f0134585e5b8d02680faaf617b0ae5cd5f3efbd8f94b0bd36435d3458bb16

SHA512
09810fed82df3d31d22a10acc5322265272ad99ca7d128dc7aaf1ea83063f4f38648716845754ec93e4d0e0aacf0e7a85beaeef7877282c3b9a967b4c9d6b399

Download Submit
C:\Users\Admin\AppData\Local\Temp\CNFDHLzW5h.bat

Filesize
223B

MD5
3d59173e6317c585bde999507f6af6bb

SHA1
17f2534733d0c12e3744d02504129062e501ca75

SHA256
8ade1ec89d7f65da84a97d8ddbb05ed203fc390f977ae0020415fea107ec5d13

SHA512
fd2dabe8c82c2032a6b0deb574a867a20627cef641d251d1c6099f488b24f121a3317f6dcdcc66e899ea313a0e84ba223f55660618f8d40da41785b89d8cbec0

Download Submit
C:\Users\Admin\AppData\Local\Temp\DCRatBuild.exe

Filesize
3.5MB

MD5
470074dc7a11099f9f802cdaf06d051c

SHA1
b5628a7b28044820b51a2f8914cfc59a2052b0da

SHA256
c8c37aa0fc86a37fdf921ba2ee0a8c4217413f5090a281af41622a55d0ef9ba7

SHA512
f1a40da2c8dee9e8152719e2f6c884d1410655367d45f76dcdf7fe89237a675a807663fc110ee56234017a4f986c8e3d8602bd78b8e903e393639d4f96f766fa

Download Submit
C:\hypercomContainerComponentBroker\r6TN6dk8TN3cL4WmNNVKK2fqXDLdR59uhO2PJSNvjmngKwbXk.vbe

Filesize
223B

MD5
b48a566aaec3ac177bdc1c2d4dceccf0

SHA1
a85abf71ef7afbae4294a2b0440b646156b59a90

SHA256
86417974cb8bb93d44b3abd99fda3aea11a44e2d8d0ea8b76ef1068a0c4e2838

SHA512
d2a72c397b3de2c961aaed28574e7983fac39db7812b3dc06738ccb5b4edc4c4becf7cf0c7766490cff4201bfb1370be4b59515d2936b826959f97c410ab5be2

Download Submit
C:\hypercomContainerComponentBroker\zSGDNMBpHStdT.bat

Filesize
93B

MD5
190e059ba6e91654129db6242e4fd95e

SHA1
c46f2d36bbf435228b01d0c93b96eec824834163

SHA256
e80ea00a9480179685edda49105c5b03a4281cba37383938d2f4c2d2eff2f308

SHA512
002991f30ec7b4b26c10c1a9bb01e7fd31e0ae18b641da814eb40aa6882c3b729eeaae27a439aa72605bfc931cb1c34dd98abd55e7d093e4141535f51395616c

Download Submit
\Users\Admin\AppData\Local\Temp\WLsuO5XICEW6.exe

Filesize
15.8MB

MD5
d7b4a1fee0438a582fcda3a05257d6c3

SHA1
7212da6349c6afad992cdcfbb9063a29cb0b70e9

SHA256
b649a20921a087cef6dbe82096e28e96dc58927a35ea3207648b44a8e27eaf0c

SHA512
99d306272bf8e68b4b9cf6a6fa432468dc41649a58943a8acb984192e5f0a1f40eb536f948f7b6a4f699c810b8f4cfb797a756e154c6a38617267a3ebaa7a180

Download Submit
\hypercomContainerComponentBroker\Surrogatedhcp.exe

Filesize
3.2MB

MD5
5057928fc79575adebb559f012db533e

SHA1
4fe1e112478cbf75ca73dc14050699512e1c09e6

SHA256
927bd0f358b4d63a52016ff80fc9cbd9ca3b054ebf1395fcb7e641ead687fa6a

SHA512
06d7827b01c31e2d3ae498b4971036cea61740ec21c9960fb3841007b0ad060e36071a6a1bf1e55fe5bdd9569d41081f45aafa0b423f81856016ec5bb200e2c8

Download Submit
memory/816-95-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-57-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-42-0x0000000001310000-0x0000000001318000-memory.dmp

Filesize
32KB

Download
memory/816-43-0x000000001B0C0000-0x000000001B456000-memory.dmp

Filesize
3.6MB

Download
memory/816-44-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-51-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-49-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-47-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-45-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-65-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-53-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-55-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-98-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-85-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-59-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-61-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-63-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-67-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-69-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-71-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-73-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-79-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-77-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-75-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-103-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-101-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-99-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-87-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-93-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-91-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-89-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-3644-0x0000000000B60000-0x0000000000B6C000-memory.dmp

Filesize
48KB

Download
memory/816-3646-0x000000001A830000-0x000000001A87E000-memory.dmp

Filesize
312KB

Download
memory/816-83-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-81-0x000000001B0C0000-0x000000001B44F000-memory.dmp

Filesize
3.6MB

Download
memory/816-3602-0x0000000000370000-0x0000000000396000-memory.dmp

Filesize
152KB

Download
memory/816-3606-0x00000000003B0000-0x00000000003CC000-memory.dmp

Filesize
112KB

Download
memory/816-3608-0x00000000003E0000-0x00000000003F0000-memory.dmp

Filesize
64KB

Download
memory/816-3604-0x00000000003A0000-0x00000000003AE000-memory.dmp

Filesize
56KB

Download
memory/816-3612-0x00000000003F0000-0x0000000000400000-memory.dmp

Filesize
64KB

Download
memory/816-3610-0x0000000000420000-0x0000000000438000-memory.dmp

Filesize
96KB

Download
memory/816-3614-0x0000000000410000-0x0000000000420000-memory.dmp

Filesize
64KB

Download
memory/816-3616-0x0000000000440000-0x000000000044E000-memory.dmp

Filesize
56KB

Download
memory/816-3620-0x0000000000AC0000-0x0000000000AD2000-memory.dmp

Filesize
72KB

Download
memory/816-3622-0x0000000000460000-0x0000000000470000-memory.dmp

Filesize
64KB

Download
memory/816-3618-0x0000000000450000-0x000000000045C000-memory.dmp

Filesize
48KB

Download
memory/816-3624-0x0000000000B00000-0x0000000000B16000-memory.dmp

Filesize
88KB

Download
memory/816-3626-0x0000000000B20000-0x0000000000B32000-memory.dmp

Filesize
72KB

Download
memory/816-3628-0x0000000000470000-0x000000000047E000-memory.dmp

Filesize
56KB

Download
memory/816-3630-0x0000000000610000-0x0000000000620000-memory.dmp

Filesize
64KB

Download
memory/816-3632-0x0000000000AE0000-0x0000000000AF0000-memory.dmp

Filesize
64KB

Download
memory/816-3634-0x0000000000D30000-0x0000000000D8A000-memory.dmp

Filesize
360KB

Download
memory/816-3636-0x0000000000AF0000-0x0000000000AFE000-memory.dmp

Filesize
56KB

Download
memory/816-3638-0x0000000000B40000-0x0000000000B50000-memory.dmp

Filesize
64KB

Download
memory/816-3640-0x0000000000B50000-0x0000000000B5E000-memory.dmp

Filesize
56KB

Download
memory/816-3642-0x0000000000C00000-0x0000000000C18000-memory.dmp

Filesize
96KB

Download
memory/1740-11-0x0000000001250000-0x00000000025B2000-memory.dmp

Filesize
19.4MB

Download
memory/1740-20-0x0000000140000000-0x000000014227E000-memory.dmp

Filesize
34.5MB

Download
memory/2752-24-0x0000000140000000-0x000000014227E000-memory.dmp

Filesize
34.5MB

Download
memory/2752-21-0x0000000140000000-0x000000014227E000-memory.dmp

Filesize
34.5MB

Download
memory/2752-23-0x0000000140000000-0x000000014227E000-memory.dmp

Filesize
34.5MB

Download
memory/2752-22-0x0000000140000000-0x000000014227E000-memory.dmp

Filesize
34.5MB

Download
memory/3492-3666-0x0000000000820000-0x0000000000828000-memory.dmp

Filesize
32KB

Download