Overview

overview

10

Static

static

10

0468a48ea4...66.exe

windows7-x64

10

0468a48ea4...66.exe

windows10-2004-x64

10

04a0d422bf...89.exe

windows7-x64

10

04a0d422bf...89.exe

windows10-2004-x64

10

04b096c64a...8c.exe

windows7-x64

10

04b096c64a...8c.exe

windows10-2004-x64

10

04f053e37f...9e.exe

windows7-x64

7

04f053e37f...9e.exe

windows10-2004-x64

7

051d54e80e...d9.exe

windows7-x64

10

051d54e80e...d9.exe

windows10-2004-x64

10

055434cfbf...10.exe

windows7-x64

10

055434cfbf...10.exe

windows10-2004-x64

10

056237071f...6f.exe

windows7-x64

8

056237071f...6f.exe

windows10-2004-x64

8

05bc9e2415...85.exe

windows7-x64

10

05bc9e2415...85.exe

windows10-2004-x64

10

063e970822...53.exe

windows7-x64

10

063e970822...53.exe

windows10-2004-x64

10

067dba33ec...10.exe

windows7-x64

10

067dba33ec...10.exe

windows10-2004-x64

10

069e1d61a6...6c.exe

windows7-x64

7

069e1d61a6...6c.exe

windows10-2004-x64

7

06abb382ad...1f.exe

windows7-x64

10

06abb382ad...1f.exe

windows10-2004-x64

10

070c765850...3b.exe

windows7-x64

10

070c765850...3b.exe

windows10-2004-x64

10

071dc8716c...f5.exe

windows7-x64

10

071dc8716c...f5.exe

windows10-2004-x64

10

071eca8631...c1.exe

windows7-x64

10

071eca8631...c1.exe

windows10-2004-x64

10

0736e2c073...47.exe

windows7-x64

10

0736e2c073...47.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    164s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64arch:x86image:win7-20241010-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    067dba33ec6de2a7e733bb64a32ebb10.exe

  • Size

    5.9MB

  • MD5

    067dba33ec6de2a7e733bb64a32ebb10

  • SHA1

    dbc8075ee823d50d3a6a058d582ee417e51b32fb

  • SHA256

    268c2bd3bec29465845b7dc6d979a366f4f155e406ce4486ba41953061641f35

  • SHA512

    de4efdcf0984e4368b60e2c52a276d0a4d24aa4348eb46aafc66e47c4729e1c49b0446b5b7a4e3483e4a8437bacace125d0710da9fbac9ad988c8328d7ee088e

  • SSDEEP

    98304:ByeUxPQ0JMLyWIvqrhH05I8TderKjHDFUh9HkEXJfw4V:ByeU11Rvqmu8TWKnF6N/1wU

Score
10/10
dcratdefense_evasionexecutioninfostealerrattrojan

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Dcrat family
    dcrat
  • Process spawned unexpected child process 9 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • UAC bypass 3 TTPs 12 IoCs
    defense_evasiontrojan
  • Command and Scripting Interpreter: PowerShell 1 TTPs 12 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Drops file in Drivers directory 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Checks whether UAC is enabled 1 TTPs 8 IoCs
    defense_evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Scheduled Task/Job: Scheduled Task 1 TTPs 9 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • System policy modification 1 TTPs 12 IoCs
    defense_evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\067dba33ec6de2a7e733bb64a32ebb10.exe
    "C:\Users\Admin\AppData\Local\Temp\067dba33ec6de2a7e733bb64a32ebb10.exe"
    1⤵
    • UAC bypass
    • Drops file in Drivers directory
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2188
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2660
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1972
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2076
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/MSOCache/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1068
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:940
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2168
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2028
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1100
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2252
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:528
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1172
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1352
    • C:\Windows\Resources\WmiPrvSE.exe
      "C:\Windows\Resources\WmiPrvSE.exe"
      2⤵
      • UAC bypass
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:3020
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\3d0e39c5-aed6-447c-93b6-137cf0d82b65.vbs"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:1752
        • C:\Windows\Resources\WmiPrvSE.exe
          C:\Windows\Resources\WmiPrvSE.exe
          4⤵
          • UAC bypass
          • Executes dropped EXE
          • Checks whether UAC is enabled
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:2648
          • C:\Windows\System32\WScript.exe
            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\248c9f3d-621e-4eb0-8f3a-cdcafe28fb8f.vbs"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:3012
            • C:\Windows\Resources\WmiPrvSE.exe
              C:\Windows\Resources\WmiPrvSE.exe
              6⤵
              • UAC bypass
              • Executes dropped EXE
              • Checks whether UAC is enabled
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              • System policy modification
              PID:2076
              • C:\Windows\System32\WScript.exe
                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\9f5759aa-bc28-4a11-a9d2-bc2b3d1447bc.vbs"
                7⤵
                  PID:1920
                • C:\Windows\System32\WScript.exe
                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\0aeb1cb8-fe7c-4822-974c-7d75a725e374.vbs"
                  7⤵
                    PID:2880
              • C:\Windows\System32\WScript.exe
                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\607aaaee-3985-4398-8885-6bd608292f1d.vbs"
                5⤵
                  PID:1516
            • C:\Windows\System32\WScript.exe
              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\9e89cce3-691f-4de9-a686-276bb1a5e1f1.vbs"
              3⤵
                PID:2776
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "explorere" /sc MINUTE /mo 13 /tr "'C:\Program Files (x86)\Windows Sidebar\fr-FR\explorer.exe'" /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:2740
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files (x86)\Windows Sidebar\fr-FR\explorer.exe'" /rl HIGHEST /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:1580
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "explorere" /sc MINUTE /mo 6 /tr "'C:\Program Files (x86)\Windows Sidebar\fr-FR\explorer.exe'" /rl HIGHEST /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:2376
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 6 /tr "'C:\Windows\Resources\WmiPrvSE.exe'" /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:2296
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "WmiPrvSE" /sc ONLOGON /tr "'C:\Windows\Resources\WmiPrvSE.exe'" /rl HIGHEST /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:1616
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "WmiPrvSEW" /sc MINUTE /mo 14 /tr "'C:\Windows\Resources\WmiPrvSE.exe'" /rl HIGHEST /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:2832
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 14 /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\wininit.exe'" /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:1136
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "wininit" /sc ONLOGON /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\wininit.exe'" /rl HIGHEST /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:1868
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "wininitw" /sc MINUTE /mo 9 /tr "'C:\Recovery\31f19e42-8726-11ef-be9a-dab21757c799\wininit.exe'" /rl HIGHEST /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:384

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\Local\Temp\248c9f3d-621e-4eb0-8f3a-cdcafe28fb8f.vbs
            Filesize

            709B

            MD5

            4bdfa3ca0f17e7ad4b44b7b8edac2a45

            SHA1

            181cf90fe4a2f99738d000455fbdd6902c2d5341

            SHA256

            5b5aad5f72a0aa142f18b346aac9ef6f6ff4d5c13045ce6920b36fbf681a70dc

            SHA512

            51ca5b67e45f40fc3e29d8de0aafa045f73861070f9761bea037dbe4d85538533f223bdc1b60736f22d0bf0cfd4ad8c73d9198347424f859077e31e66c2bd58f

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\3d0e39c5-aed6-447c-93b6-137cf0d82b65.vbs
            Filesize

            709B

            MD5

            33d4ea0135e2d0da5018e8cc080f9eef

            SHA1

            e5eeaf973f0c7fef0564c8602a51201405224de0

            SHA256

            c3e85f6a0afcb821ecef7317e7ad47cf12500bd941a6728eabda948c79866b0a

            SHA512

            f8a5eb334ef56fa92f87bcf26200a9491bcefe5f8a52921a2dc9f58f820981a50e6c698055c69c67f0c0680ba7a03920772cd308d711a3e8ccd92d667f8e244b

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\9e89cce3-691f-4de9-a686-276bb1a5e1f1.vbs
            Filesize

            485B

            MD5

            656dc04330a7d84c8564c40a8c78348c

            SHA1

            530e1b7dfd4a2ea1281af088fbee09d72187bb2b

            SHA256

            fdd7fca3734232c2272227500889fad1ffe160fade1ded4b4eac9a9fca3ca4ad

            SHA512

            ebe0219949fd9df626049bd5637400aa810c68fedf8ee0b8fb95b81d6216ca8809542a9e1e256c07cd600bc76206700cb952528b3db17cfec81998ca05e1916d

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\9f5759aa-bc28-4a11-a9d2-bc2b3d1447bc.vbs
            Filesize

            709B

            MD5

            bcf8964c7578057f82ccdc0d0e1b8400

            SHA1

            7b4986bdb9db197212f21edd2eda3e78ae92abcb

            SHA256

            84d14287d386827d862c87debf60228e894cc736600920110d78bef79b649b21

            SHA512

            45f26a2fe6381b5e80e59b2a68025c25be8f1ae0792d29cf32ca8dd130816c513bc2e3466ca8db931145e6e49ccd7ed5b9a22fcc6cfe2a077217862576fc8cab

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\RCX38FC.tmp
            Filesize

            5.9MB

            MD5

            067dba33ec6de2a7e733bb64a32ebb10

            SHA1

            dbc8075ee823d50d3a6a058d582ee417e51b32fb

            SHA256

            268c2bd3bec29465845b7dc6d979a366f4f155e406ce4486ba41953061641f35

            SHA512

            de4efdcf0984e4368b60e2c52a276d0a4d24aa4348eb46aafc66e47c4729e1c49b0446b5b7a4e3483e4a8437bacace125d0710da9fbac9ad988c8328d7ee088e

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
            Filesize

            7KB

            MD5

            2e97957641f9dfa61c4afc931412002f

            SHA1

            e14b1bc5ce1af8c507e2f10141009b710135c8c3

            SHA256

            ee6c8f9fc2a911bcbfe0b2c8fe8de3512f773540992f96799bf765ee71bad230

            SHA512

            5d99a1cd5ffcfae0ff279f755540a51b9fcc274298e1777595e1a74c062c9d759ea6ad01cef9e9aeaf61f03b67b28d70554973e029b48cfcf25efabf5a885ffa

            Download Submit

          • C:\Windows\Resources\WmiPrvSE.exe
            Filesize

            5.9MB

            MD5

            a8c3e8b0cddf8aeafb5cb0b1cde1bdb7

            SHA1

            5602fa598d26bed10532bbe9a5df4f27c781e186

            SHA256

            4102f9e6ceb16189eeede28bb24074e6c99876e6d536a952556a4ccd9ecf00bf

            SHA512

            872d4c8d1cbcf5cb31793b97733b543c0c1cee5767d7de550d256d23565eb157fe57db1317a99287f40fde0e1f30bfe28a1ad79ed62ed495d2b94ed0cc5c52a6

            Download Submit

          • memory/528-142-0x000000001B3E0000-0x000000001B6C2000-memory.dmp

            Filesize

            2.9MB

            Download

          • memory/1100-141-0x00000000025A0000-0x00000000025A8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2076-175-0x0000000000BF0000-0x00000000014E8000-memory.dmp

            Filesize

            9.0MB

            Download

          • memory/2188-30-0x000000001BBB0000-0x000000001BBBC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2188-39-0x000000001BD50000-0x000000001BD5C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2188-13-0x000000001B390000-0x000000001B39C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2188-11-0x000000001AF80000-0x000000001AF88000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2188-14-0x000000001B4D0000-0x000000001B4D8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2188-15-0x000000001B360000-0x000000001B370000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2188-16-0x000000001B380000-0x000000001B38A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2188-17-0x000000001B4E0000-0x000000001B536000-memory.dmp

            Filesize

            344KB

            Download

          • memory/2188-18-0x000000001B3A0000-0x000000001B3AC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2188-19-0x000000001B3B0000-0x000000001B3B8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2188-23-0x000000001B540000-0x000000001B552000-memory.dmp

            Filesize

            72KB

            Download

          • memory/2188-21-0x000000001B530000-0x000000001B538000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2188-20-0x000000001B4C0000-0x000000001B4CC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2188-24-0x000000001B550000-0x000000001B55C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2188-25-0x000000001B5F0000-0x000000001B5FC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2188-27-0x000000001B990000-0x000000001B99C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2188-0-0x000007FEF58E3000-0x000007FEF58E4000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2188-34-0x000000001BC00000-0x000000001BC0E000-memory.dmp

            Filesize

            56KB

            Download

          • memory/2188-36-0x000000001BC20000-0x000000001BC2C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2188-35-0x000000001BC10000-0x000000001BC18000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2188-38-0x000000001BC40000-0x000000001BC4A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2188-12-0x000000001B370000-0x000000001B382000-memory.dmp

            Filesize

            72KB

            Download

          • memory/2188-37-0x000000001BC30000-0x000000001BC38000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2188-33-0x000000001BBF0000-0x000000001BBF8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2188-32-0x000000001BBE0000-0x000000001BBEE000-memory.dmp

            Filesize

            56KB

            Download

          • memory/2188-31-0x000000001BBD0000-0x000000001BBDA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2188-29-0x000000001BBC0000-0x000000001BBC8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2188-28-0x000000001B9A0000-0x000000001B9AC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2188-26-0x000000001B980000-0x000000001B988000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2188-42-0x000007FEF58E3000-0x000007FEF58E4000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2188-8-0x0000000000BC0000-0x0000000000BC8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2188-10-0x000000001AF60000-0x000000001AF76000-memory.dmp

            Filesize

            88KB

            Download

          • memory/2188-9-0x000000001AF50000-0x000000001AF60000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2188-6-0x0000000000B90000-0x0000000000B98000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2188-7-0x0000000000BA0000-0x0000000000BBC000-memory.dmp

            Filesize

            112KB

            Download

          • memory/2188-1-0x0000000000CC0000-0x00000000015B8000-memory.dmp

            Filesize

            9.0MB

            Download

          • memory/2188-149-0x000007FEF58E0000-0x000007FEF62CC000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2188-5-0x0000000000B80000-0x0000000000B8E000-memory.dmp

            Filesize

            56KB

            Download

          • memory/2188-4-0x00000000005E0000-0x00000000005EE000-memory.dmp

            Filesize

            56KB

            Download

          • memory/2188-2-0x0000000000540000-0x0000000000541000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2188-3-0x000007FEF58E0000-0x000007FEF62CC000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2648-163-0x0000000002910000-0x0000000002922000-memory.dmp

            Filesize

            72KB

            Download

          • memory/2648-161-0x0000000000270000-0x0000000000B68000-memory.dmp

            Filesize

            9.0MB

            Download

          • memory/3020-148-0x0000000001140000-0x0000000001A38000-memory.dmp

            Filesize

            9.0MB

            Download