Overview

overview

10

Static

static

10

02d4afb627...d9.exe

windows7-x64

10

02d4afb627...d9.exe

windows10-2004-x64

10

02d4afb627...d9.exe

android-9-x86

02d4afb627...d9.exe

android-10-x64

02d4afb627...d9.exe

android-11-x64

02d4afb627...d9.exe

macos-10.15-amd64

02d4afb627...d9.exe

ubuntu-18.04-amd64

02d4afb627...d9.exe

debian-9-armhf

02d4afb627...d9.exe

debian-9-mips

02d4afb627...d9.exe

debian-9-mipsel

Resubmissions

13-01-2025 05:27

250113-f5r2gazrfk 10

12-01-2025 20:06

250112-yvdp7sxlby 10

Analysis

  • max time kernel
    848s
  • max time network
    849s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    13-01-2025 05:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    02d4afb627db486201d4700854e390d9.exe

  • Size

    2.3MB

  • MD5

    02d4afb627db486201d4700854e390d9

  • SHA1

    f63533f82c2a434f9104ccc9beee3216796aeb14

  • SHA256

    46cf8f5e46c3dbdd32c5f300f6fd395a7f12c0ec611de9e518bf7312f187590c

  • SHA512

    0ccaa408f5e1e3481b413ab07dea2b77540e500097a7ab194f6052161517b2c29214d680e7731b9a39a300edf3b88a3b564f85c8008386099474e82c028109fc

  • SSDEEP

    49152:uAHOUI3tHsLi/P025up1V40tz/i4Eq/qo8ychEcMPbVxFAK6E00:uIQ3L/zULV/qWch7MPxxFh6E0

Score
10/10
dcratinfostealerrat

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Dcrat family
    dcrat
  • Process spawned unexpected child process 45 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • DCRat payload 14 IoCs

    Detects payload of DCRat, commonly dropped by NSIS installers.

    rat
  • Executes dropped EXE 12 IoCs
  • Drops file in Program Files directory 2 IoCs
  • Drops file in Windows directory 6 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Scheduled Task/Job: Scheduled Task 1 TTPs 45 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious use of AdjustPrivilegeToken 13 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\02d4afb627db486201d4700854e390d9.exe
    C:\Users\Admin\AppData\Local\Temp\02d4afb627db486201d4700854e390d9.exe cmd /c %SIGILL% "SIGTERM|DELETE|SIGKILL"
    1⤵
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2244
    • C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\02d4afb627db486201d4700854e390d9.exe
      "C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\02d4afb627db486201d4700854e390d9.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1780
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 8 /tr "'C:\Windows\Setup\State\csrss.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1912
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Windows\Setup\State\csrss.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2808
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 11 /tr "'C:\Windows\Setup\State\csrss.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2724
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "02d4afb627db486201d4700854e390d90" /sc MINUTE /mo 14 /tr "'C:\Users\Public\Videos\Sample Videos\02d4afb627db486201d4700854e390d9.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2836
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "02d4afb627db486201d4700854e390d9" /sc ONLOGON /tr "'C:\Users\Public\Videos\Sample Videos\02d4afb627db486201d4700854e390d9.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2720
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "02d4afb627db486201d4700854e390d90" /sc MINUTE /mo 11 /tr "'C:\Users\Public\Videos\Sample Videos\02d4afb627db486201d4700854e390d9.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1632
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "servicess" /sc MINUTE /mo 6 /tr "'C:\Windows\Resources\Ease of Access Themes\services.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2604
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "services" /sc ONLOGON /tr "'C:\Windows\Resources\Ease of Access Themes\services.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2832
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "servicess" /sc MINUTE /mo 6 /tr "'C:\Windows\Resources\Ease of Access Themes\services.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2844
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "02d4afb627db486201d4700854e390d90" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\02d4afb627db486201d4700854e390d9.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1804
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "02d4afb627db486201d4700854e390d9" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\02d4afb627db486201d4700854e390d9.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2768
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "02d4afb627db486201d4700854e390d90" /sc MINUTE /mo 14 /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\02d4afb627db486201d4700854e390d9.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2652
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 8 /tr "'C:\Users\All Users\System.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2648
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "System" /sc ONLOGON /tr "'C:\Users\All Users\System.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2716
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "SystemS" /sc MINUTE /mo 10 /tr "'C:\Users\All Users\System.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:3040
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "02d4afb627db486201d4700854e390d90" /sc MINUTE /mo 10 /tr "'C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\02d4afb627db486201d4700854e390d9.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:636
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "02d4afb627db486201d4700854e390d9" /sc ONLOGON /tr "'C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\02d4afb627db486201d4700854e390d9.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:3032
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "02d4afb627db486201d4700854e390d90" /sc MINUTE /mo 14 /tr "'C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\02d4afb627db486201d4700854e390d9.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2996
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 8 /tr "'C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\spoolsv.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:868
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\spoolsv.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2664
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 14 /tr "'C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\spoolsv.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1312
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "explorere" /sc MINUTE /mo 9 /tr "'C:\Users\All Users\Start Menu\explorer.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1684
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Users\All Users\Start Menu\explorer.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2880
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "explorere" /sc MINUTE /mo 13 /tr "'C:\Users\All Users\Start Menu\explorer.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2696
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 8 /tr "'C:\MSOCache\All Users\taskhost.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1288
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\MSOCache\All Users\taskhost.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:3012
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 13 /tr "'C:\MSOCache\All Users\taskhost.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1308
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 12 /tr "'C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\spoolsv.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:3068
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\spoolsv.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2448
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 5 /tr "'C:\MSOCache\All Users\{90140000-001A-0409-0000-0000000FF1CE}-C\spoolsv.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2236
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 8 /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\OSPPSVC.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2120
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "OSPPSVC" /sc ONLOGON /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\OSPPSVC.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1872
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "OSPPSVCO" /sc MINUTE /mo 11 /tr "'C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\OSPPSVC.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2068
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 5 /tr "'C:\Users\Default User\taskhost.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1704
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Users\Default User\taskhost.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1128
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 7 /tr "'C:\Users\Default User\taskhost.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1144
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Microsoft.NET\lsass.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2108
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsass" /sc ONLOGON /tr "'C:\Program Files (x86)\Microsoft.NET\lsass.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1480
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "lsassl" /sc MINUTE /mo 9 /tr "'C:\Program Files (x86)\Microsoft.NET\lsass.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1888
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 13 /tr "'C:\Users\Admin\Searches\csrss.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1344
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrss" /sc ONLOGON /tr "'C:\Users\Admin\Searches\csrss.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2572
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "csrssc" /sc MINUTE /mo 6 /tr "'C:\Users\Admin\Searches\csrss.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:880
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 8 /tr "'C:\Users\Public\Desktop\spoolsv.exe'" /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:2008
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsv" /sc ONLOGON /tr "'C:\Users\Public\Desktop\spoolsv.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:1372
  • C:\Windows\system32\schtasks.exe
    schtasks.exe /create /tn "spoolsvs" /sc MINUTE /mo 13 /tr "'C:\Users\Public\Desktop\spoolsv.exe'" /rl HIGHEST /f
    1⤵
    • Process spawned unexpected child process
    • Scheduled Task/Job: Scheduled Task
    PID:812
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {96880858-8D85-45EB-8EAA-2E75B3B77BF4} S-1-5-21-4177215427-74451935-3209572229-1000:JSMURNPT\Admin:Interactive:[1]
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2520
    • C:\Windows\Resources\Ease of Access Themes\services.exe
      "C:\Windows\Resources\Ease of Access Themes\services.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:3008
    • C:\Users\Default User\taskhost.exe
      "C:\Users\Default User\taskhost.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2612
    • C:\Users\Public\Desktop\spoolsv.exe
      C:\Users\Public\Desktop\spoolsv.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1756
    • C:\Users\All Users\System.exe
      "C:\Users\All Users\System.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:2092
    • C:\Program Files (x86)\Microsoft.NET\lsass.exe
      "C:\Program Files (x86)\Microsoft.NET\lsass.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of AdjustPrivilegeToken
      PID:3052
    • C:\Users\All Users\Start Menu\explorer.exe
      "C:\Users\All Users\Start Menu\explorer.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2152
    • C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\02d4afb627db486201d4700854e390d9.exe
      C:\Recovery\18fc4542-69f6-11ef-a46c-62cb582c238c\02d4afb627db486201d4700854e390d9.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1788
    • C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\OSPPSVC.exe
      "C:\MSOCache\All Users\{90140000-001B-0409-0000-0000000FF1CE}-C\OSPPSVC.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2360
    • C:\Windows\Resources\Ease of Access Themes\services.exe
      "C:\Windows\Resources\Ease of Access Themes\services.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1796
    • C:\Users\Admin\Searches\csrss.exe
      C:\Users\Admin\Searches\csrss.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1872
    • C:\Users\Default User\taskhost.exe
      "C:\Users\Default User\taskhost.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2216

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\System.exe
    Filesize

    2.3MB

    MD5

    02d4afb627db486201d4700854e390d9

    SHA1

    f63533f82c2a434f9104ccc9beee3216796aeb14

    SHA256

    46cf8f5e46c3dbdd32c5f300f6fd395a7f12c0ec611de9e518bf7312f187590c

    SHA512

    0ccaa408f5e1e3481b413ab07dea2b77540e500097a7ab194f6052161517b2c29214d680e7731b9a39a300edf3b88a3b564f85c8008386099474e82c028109fc

    Download Submit

  • memory/1756-61-0x00000000012C0000-0x000000000150E000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1780-47-0x0000000000620000-0x0000000000632000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1780-46-0x0000000000DC0000-0x0000000000E16000-memory.dmp

    Filesize

    344KB

    Download

  • memory/1780-45-0x0000000000FC0000-0x000000000120E000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1788-72-0x0000000000DC0000-0x000000000100E000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1796-78-0x0000000001330000-0x000000000157E000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/1872-82-0x0000000000190000-0x00000000001A2000-memory.dmp

    Filesize

    72KB

    Download

  • memory/1872-81-0x00000000001A0000-0x00000000003EE000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2092-62-0x00000000003D0000-0x000000000061E000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2152-69-0x0000000000170000-0x0000000000182000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2152-68-0x00000000013B0000-0x00000000015FE000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2216-84-0x0000000001150000-0x000000000139E000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2216-85-0x0000000000160000-0x0000000000172000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2244-7-0x0000000000750000-0x000000000075E000-memory.dmp

    Filesize

    56KB

    Download

  • memory/2244-4-0x00000000002E0000-0x00000000002F6000-memory.dmp

    Filesize

    88KB

    Download

  • memory/2244-1-0x00000000003E0000-0x000000000062E000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2244-2-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2244-3-0x00000000002C0000-0x00000000002DC000-memory.dmp

    Filesize

    112KB

    Download

  • memory/2244-5-0x0000000000390000-0x00000000003E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/2244-6-0x0000000000300000-0x0000000000312000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2244-44-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

    Filesize

    9.9MB

    Download

  • memory/2244-0-0x000007FEF55B3000-0x000007FEF55B4000-memory.dmp

    Filesize

    4KB

    Download

  • memory/2360-75-0x0000000001010000-0x000000000125E000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2360-76-0x0000000000250000-0x0000000000262000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2612-54-0x0000000000AD0000-0x0000000000D1E000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/2612-56-0x0000000000A80000-0x0000000000A92000-memory.dmp

    Filesize

    72KB

    Download

  • memory/2612-55-0x0000000000490000-0x00000000004E6000-memory.dmp

    Filesize

    344KB

    Download

  • memory/3008-50-0x0000000001260000-0x00000000014AE000-memory.dmp

    Filesize

    2.3MB

    Download

  • memory/3008-51-0x0000000000250000-0x0000000000262000-memory.dmp

    Filesize

    72KB

    Download

  • memory/3052-67-0x00000000001D0000-0x000000000041E000-memory.dmp

    Filesize

    2.3MB

    Download