Overview

overview

10

Static

static

10

e1dcb9ba72...29.exe

windows7-x64

3

e1dcb9ba72...29.exe

windows10-2004-x64

3

e2071b429e...5c.exe

windows7-x64

10

e2071b429e...5c.exe

windows10-2004-x64

10

e249dbf0ac...f4.exe

windows7-x64

8

e249dbf0ac...f4.exe

windows10-2004-x64

8

e277271cc7...e8.exe

windows7-x64

10

e277271cc7...e8.exe

windows10-2004-x64

10

e282def0d2...89.exe

windows7-x64

10

e282def0d2...89.exe

windows10-2004-x64

10

e29645b977...39.exe

windows7-x64

7

e29645b977...39.exe

windows10-2004-x64

7

e2bfb9c5da...0c.exe

windows7-x64

1

e2bfb9c5da...0c.exe

windows10-2004-x64

1

e316eea789...fa.exe

windows7-x64

1

e316eea789...fa.exe

windows10-2004-x64

1

e3250ba3e9...f9.exe

windows7-x64

10

e3250ba3e9...f9.exe

windows10-2004-x64

10

e34a914ca2...b1.exe

windows7-x64

10

e34a914ca2...b1.exe

windows10-2004-x64

10

e37b2913aa...c6.exe

windows7-x64

10

e37b2913aa...c6.exe

windows10-2004-x64

10

e37c63b72b...0d.exe

windows7-x64

10

e37c63b72b...0d.exe

windows10-2004-x64

10

e37cf80804...e0.exe

windows7-x64

10

e37cf80804...e0.exe

windows10-2004-x64

10

e3a2f6c598...82.exe

windows7-x64

1

e3a2f6c598...82.exe

windows10-2004-x64

1

e3a86fc42d...62.exe

windows7-x64

9

e3a86fc42d...62.exe

windows10-2004-x64

9

e3e3053d34...10.exe

windows7-x64

10

e3e3053d34...10.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20250207-en
  • resource tags

    arch:x64arch:x86image:win7-20250207-enlocale:en-usos:windows7-x64system
  • submitted
    22/03/2025, 06:17

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    e277271cc70bc12cb5a62950728025e8.exe

  • Size

    5.9MB

  • MD5

    e277271cc70bc12cb5a62950728025e8

  • SHA1

    f49e565e7e17473bf473727846744436622083eb

  • SHA256

    cabbb23bfd4c9f0ee454f1c072f963b938281c38dc7d14cfe62629e23f96dfda

  • SHA512

    dcc1aff642ab495007d83906e3316cde8c0f36c1a902abf2c6bcd9991b1ee7fbecc3bb4e281ffc2f25d1e6c5531179deba529d177b757ab89e9a9872e2712feb

  • SSDEEP

    98304:RyeUxPQ0JMLyWIvqrhH05I8TderKjHDFUh9HkEXJfw47:RyeU11Rvqmu8TWKnF6N/1wi

Score
10/10
dcratdefense_evasionexecutioninfostealerrattrojan

Malware Config

Signatures

  • DcRat

    DarkCrystal(DC) is a new .NET RAT active since June 2019 capable of loading additional plugins.

    ratinfostealerdcrat
  • Dcrat family
    dcrat
  • Process spawned unexpected child process 6 IoCs

    This typically indicates the parent process was compromised via an exploit or macro.

  • UAC bypass 3 TTPs 12 IoCs
    defense_evasiontrojan
  • Command and Scripting Interpreter: PowerShell 1 TTPs 12 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Drops file in Drivers directory 1 IoCs
  • Executes dropped EXE 3 IoCs
  • Checks whether UAC is enabled 1 TTPs 8 IoCs
    defense_evasiontrojan
  • Suspicious use of NtSetInformationThreadHideFromDebugger 8 IoCs
  • Drops file in Program Files directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Scheduled Task/Job: Scheduled Task 1 TTPs 6 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistenceexecution
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of AdjustPrivilegeToken 16 IoCs
  • Suspicious use of WriteProcessMemory 63 IoCs
  • System policy modification 1 TTPs 12 IoCs
    defense_evasion
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence

Processes

  • C:\Users\Admin\AppData\Local\Temp\e277271cc70bc12cb5a62950728025e8.exe
    "C:\Users\Admin\AppData\Local\Temp\e277271cc70bc12cb5a62950728025e8.exe"
    1⤵
    • UAC bypass
    • Drops file in Drivers directory
    • Checks whether UAC is enabled
    • Suspicious use of NtSetInformationThreadHideFromDebugger
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    • System policy modification
    PID:2232
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2748
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/$Recycle.Bin/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2920
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Documents and Settings/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2992
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/MSOCache/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2864
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/PerfLogs/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2788
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2320
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Program Files (x86)/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1984
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/ProgramData/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1668
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Recovery/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:356
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/System Volume Information/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1688
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Users/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1148
    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      "powershell" -Command Add-MpPreference -ExclusionPath 'C:/Windows/'
      2⤵
      • Command and Scripting Interpreter: PowerShell
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:1488
    • C:\Recovery\8490d022-e5e1-11ef-8fd8-4a893fa2fe1c\taskhost.exe
      "C:\Recovery\8490d022-e5e1-11ef-8fd8-4a893fa2fe1c\taskhost.exe"
      2⤵
      • UAC bypass
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      • System policy modification
      PID:1516
      • C:\Windows\System32\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\5bd2459e-fc3c-4d61-bbdb-1086ef824042.vbs"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2124
        • C:\Recovery\8490d022-e5e1-11ef-8fd8-4a893fa2fe1c\taskhost.exe
          C:\Recovery\8490d022-e5e1-11ef-8fd8-4a893fa2fe1c\taskhost.exe
          4⤵
          • UAC bypass
          • Executes dropped EXE
          • Checks whether UAC is enabled
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          • System policy modification
          PID:2324
          • C:\Windows\System32\WScript.exe
            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\5e92cf4f-cbb5-4c60-ba12-f6349cdc53b3.vbs"
            5⤵
            • Suspicious use of WriteProcessMemory
            PID:2540
            • C:\Recovery\8490d022-e5e1-11ef-8fd8-4a893fa2fe1c\taskhost.exe
              C:\Recovery\8490d022-e5e1-11ef-8fd8-4a893fa2fe1c\taskhost.exe
              6⤵
              • UAC bypass
              • Executes dropped EXE
              • Checks whether UAC is enabled
              • Suspicious use of NtSetInformationThreadHideFromDebugger
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of WriteProcessMemory
              • System policy modification
              PID:1628
              • C:\Windows\System32\WScript.exe
                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\34782f09-daed-4ee6-bc06-808ddab3463a.vbs"
                7⤵
                  PID:1148
                • C:\Windows\System32\WScript.exe
                  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\6e30a81d-d18b-4af6-ab42-3aa70746444b.vbs"
                  7⤵
                    PID:1684
              • C:\Windows\System32\WScript.exe
                "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\1263256f-6667-41d8-a810-5694a5879c03.vbs"
                5⤵
                  PID:2296
            • C:\Windows\System32\WScript.exe
              "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\a8f29589-a6d4-48db-b980-918553ba8c30.vbs"
              3⤵
                PID:2980
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 14 /tr "'C:\Recovery\8490d022-e5e1-11ef-8fd8-4a893fa2fe1c\taskhost.exe'" /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:2160
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "taskhost" /sc ONLOGON /tr "'C:\Recovery\8490d022-e5e1-11ef-8fd8-4a893fa2fe1c\taskhost.exe'" /rl HIGHEST /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:2036
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "taskhostt" /sc MINUTE /mo 5 /tr "'C:\Recovery\8490d022-e5e1-11ef-8fd8-4a893fa2fe1c\taskhost.exe'" /rl HIGHEST /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:2856
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "explorere" /sc MINUTE /mo 8 /tr "'C:\Program Files\Windows Sidebar\es-ES\explorer.exe'" /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:2696
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "explorer" /sc ONLOGON /tr "'C:\Program Files\Windows Sidebar\es-ES\explorer.exe'" /rl HIGHEST /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:2728
          • C:\Windows\system32\schtasks.exe
            schtasks.exe /create /tn "explorere" /sc MINUTE /mo 7 /tr "'C:\Program Files\Windows Sidebar\es-ES\explorer.exe'" /rl HIGHEST /f
            1⤵
            • Process spawned unexpected child process
            • Scheduled Task/Job: Scheduled Task
            PID:2012

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Recovery\8490d022-e5e1-11ef-8fd8-4a893fa2fe1c\taskhost.exe
            Filesize

            5.9MB

            MD5

            e277271cc70bc12cb5a62950728025e8

            SHA1

            f49e565e7e17473bf473727846744436622083eb

            SHA256

            cabbb23bfd4c9f0ee454f1c072f963b938281c38dc7d14cfe62629e23f96dfda

            SHA512

            dcc1aff642ab495007d83906e3316cde8c0f36c1a902abf2c6bcd9991b1ee7fbecc3bb4e281ffc2f25d1e6c5531179deba529d177b757ab89e9a9872e2712feb

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\34782f09-daed-4ee6-bc06-808ddab3463a.vbs
            Filesize

            737B

            MD5

            87e57e33682714efc0a093ace0b3cbbd

            SHA1

            113dfa5ac0041815fcba49e490173c1fc834dd0b

            SHA256

            a2cd3dc5e702c12e82bd924f125932e73c6ff5484ea96a9ad434f7926c57c610

            SHA512

            5dfd4ee26af12d0ceb6b78a3bb1d1be3ad096202c7c34f68d16e8411df137ea9388a4b5951bf065365c3d4cf17755e7f904e8cad8bbcad66753a4888995a7508

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\5bd2459e-fc3c-4d61-bbdb-1086ef824042.vbs
            Filesize

            737B

            MD5

            a16df21afd9293cc3ca75c0bd48be27b

            SHA1

            193afc025f849a64fb56563b066b5f273abd7f45

            SHA256

            021c75927c21ef6d6471dfefe76c8f2606b706368693f0f29ae68692dbcd3a4e

            SHA512

            19e4d7e848fcb0b06f213b6f2627d8e14a8334bc49d556910de9cd8c8a638446a2c0cd124e758a571f5a2c7ec9be2ee00ed9ebe306820aaa5d0c710f922c5b79

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\5e92cf4f-cbb5-4c60-ba12-f6349cdc53b3.vbs
            Filesize

            737B

            MD5

            a7854e5a0a387ade42079fab44cd562b

            SHA1

            96d4162b6145652cc070f6c80034b9b54dce36cc

            SHA256

            3168998d4503bc6113a12e6674e0eced3f0f61b25332be8ad4634a7ab9c3ee4a

            SHA512

            bbde79bdcf96b0d5e1c22b6134c2633588d93918b0b8ab8ed09c52d118e183f147a03d6cd9d5128b0840283c12335d2ca04bbd9f46d236015ee468f1f95817a2

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\a8f29589-a6d4-48db-b980-918553ba8c30.vbs
            Filesize

            513B

            MD5

            c3369182102898914146a6a30681ce4f

            SHA1

            7516d8206c94add1b1293041095c6478dcdf0617

            SHA256

            cab6faff4d11dfca0361c16b6e055339e652c48b4c3b0fe0773a0ee894d15664

            SHA512

            5a2a5f59f6fa3bf385a623033641af6293fe861a58ebb0b07641b77b06c3c33a37c6294b1cc0cf01c4d701becbbe67cdb2a84fa6c00e33a60694291b4d4f9127

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
            Filesize

            7KB

            MD5

            4727287d7082111c11502e61c4d6c573

            SHA1

            8c5ecb169731740062b818e23270a25b2843046d

            SHA256

            28dc91024dec77503c388aab0b37931bc48775a8db09d10810cdb616d78132b1

            SHA512

            1c4f569d431078fb7e489aebed09eb4f2a9f7e8648ea61be120a53c69bf01d95107d4fde35527a13946ae192c16313e32bd49a4f758c847e7951ac1fec5764fb

            Download Submit

          • memory/1516-146-0x000000001B4D0000-0x000000001B4E2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/1516-145-0x000000001B460000-0x000000001B4B6000-memory.dmp

            Filesize

            344KB

            Download

          • memory/1516-144-0x0000000000CD0000-0x0000000000CE2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/1516-142-0x0000000001390000-0x0000000001C88000-memory.dmp

            Filesize

            9.0MB

            Download

          • memory/1628-170-0x00000000004B0000-0x00000000004C2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/2232-13-0x0000000000E80000-0x0000000000E8C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2232-33-0x000000001B010000-0x000000001B018000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2232-0-0x000007FEF55B3000-0x000007FEF55B4000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2232-14-0x0000000000EA0000-0x0000000000EA8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2232-15-0x0000000000EB0000-0x0000000000EC0000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2232-16-0x0000000000EC0000-0x0000000000ECA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2232-17-0x0000000002800000-0x0000000002856000-memory.dmp

            Filesize

            344KB

            Download

          • memory/2232-18-0x00000000010E0000-0x00000000010EC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2232-19-0x0000000002920000-0x0000000002928000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2232-20-0x0000000002930000-0x000000000293C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2232-21-0x0000000002940000-0x0000000002948000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2232-23-0x0000000002AE0000-0x0000000002AF2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/2232-24-0x0000000002B10000-0x0000000002B1C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2232-25-0x0000000002B20000-0x0000000002B2C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2232-26-0x0000000002B30000-0x0000000002B38000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2232-27-0x0000000002B40000-0x0000000002B4C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2232-28-0x000000001AFD0000-0x000000001AFDC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2232-29-0x000000001B020000-0x000000001B028000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2232-30-0x000000001AFE0000-0x000000001AFEC000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2232-31-0x000000001AFF0000-0x000000001AFFA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2232-32-0x000000001B000000-0x000000001B00E000-memory.dmp

            Filesize

            56KB

            Download

          • memory/2232-12-0x0000000000E90000-0x0000000000EA2000-memory.dmp

            Filesize

            72KB

            Download

          • memory/2232-34-0x000000001B030000-0x000000001B03E000-memory.dmp

            Filesize

            56KB

            Download

          • memory/2232-35-0x000000001B040000-0x000000001B048000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2232-36-0x000000001B050000-0x000000001B05C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2232-37-0x000000001B610000-0x000000001B618000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2232-38-0x000000001B620000-0x000000001B62A000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2232-39-0x000000001B630000-0x000000001B63C000-memory.dmp

            Filesize

            48KB

            Download

          • memory/2232-11-0x0000000000B70000-0x0000000000B78000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2232-10-0x0000000000B50000-0x0000000000B66000-memory.dmp

            Filesize

            88KB

            Download

          • memory/2232-1-0x0000000000110000-0x0000000000A08000-memory.dmp

            Filesize

            9.0MB

            Download

          • memory/2232-2-0x0000000000A30000-0x0000000000A31000-memory.dmp

            Filesize

            4KB

            Download

          • memory/2232-9-0x0000000000B40000-0x0000000000B50000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2232-141-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2232-8-0x0000000000AA0000-0x0000000000AA8000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2232-7-0x0000000000A80000-0x0000000000A9C000-memory.dmp

            Filesize

            112KB

            Download

          • memory/2232-6-0x0000000000A70000-0x0000000000A78000-memory.dmp

            Filesize

            32KB

            Download

          • memory/2232-5-0x0000000000A60000-0x0000000000A6E000-memory.dmp

            Filesize

            56KB

            Download

          • memory/2232-4-0x0000000000A50000-0x0000000000A5E000-memory.dmp

            Filesize

            56KB

            Download

          • memory/2232-3-0x000007FEF55B0000-0x000007FEF5F9C000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2864-89-0x000000001B710000-0x000000001B9F2000-memory.dmp

            Filesize

            2.9MB

            Download

          • memory/2864-90-0x0000000001EF0000-0x0000000001EF8000-memory.dmp

            Filesize

            32KB

            Download