e72b0bdfcde42b79c8b9266fc25c37d62a2c536d33c32eb6dcb4e2a17961f2ff

Analysis

max time kernel
60s
max time network
58s
platform
windows11-21h2_x64
resource
win11-20240704-en
resource tags

arch:x64arch:x86image:win11-20240704-enlocale:en-usos:windows11-21h2-x64system
submitted
05-07-2024 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

newdcnyash/DCRat.exe
Size

72KB
MD5

2c7d37e90dd8ab57d06dad5bc7956885
SHA1

da789c107c4c68b8250b6589e45e5a3cf7a9a143
SHA256

5ede5d774ab65f25357cf5a1fa5e354f6f2a9868651a0fa717485802b21b1939
SHA512

e74ae891771bfd9c6fcdfbe8e4f33f0d5f7c3457cd84b257500cdaf8fa8b16fe458a18db9b3a60591465982fc2871f4c3f2e7541c765f00a0516f805e7e9ca0f
SSDEEP

768:P7Zw33FNUf6Nhd/fQ1l+0vM0iT9HvMB90d24:zZ2FWSNhd/4131i89p4

Score

6^/10

motw phishing

Malware Config

Signatures

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

2 https://t.me/DarkCrystalRAT/33?embed=1&mode=tme

flow	ioc
2	https://t.me/DarkCrystalRAT/33?embed=1&mode=tme

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WMIC.exeWMIC.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	1556	WMIC.exe
Token: SeSecurityPrivilege	1556	WMIC.exe
Token: SeTakeOwnershipPrivilege	1556	WMIC.exe
Token: SeLoadDriverPrivilege	1556	WMIC.exe
Token: SeSystemProfilePrivilege	1556	WMIC.exe
Token: SeSystemtimePrivilege	1556	WMIC.exe
Token: SeProfSingleProcessPrivilege	1556	WMIC.exe
Token: SeIncBasePriorityPrivilege	1556	WMIC.exe
Token: SeCreatePagefilePrivilege	1556	WMIC.exe
Token: SeBackupPrivilege	1556	WMIC.exe
Token: SeRestorePrivilege	1556	WMIC.exe
Token: SeShutdownPrivilege	1556	WMIC.exe
Token: SeDebugPrivilege	1556	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1556	WMIC.exe
Token: SeRemoteShutdownPrivilege	1556	WMIC.exe
Token: SeUndockPrivilege	1556	WMIC.exe
Token: SeManageVolumePrivilege	1556	WMIC.exe
Token: 33	1556	WMIC.exe
Token: 34	1556	WMIC.exe
Token: 35	1556	WMIC.exe
Token: 36	1556	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1556	WMIC.exe
Token: SeSecurityPrivilege	1556	WMIC.exe
Token: SeTakeOwnershipPrivilege	1556	WMIC.exe
Token: SeLoadDriverPrivilege	1556	WMIC.exe
Token: SeSystemProfilePrivilege	1556	WMIC.exe
Token: SeSystemtimePrivilege	1556	WMIC.exe
Token: SeProfSingleProcessPrivilege	1556	WMIC.exe
Token: SeIncBasePriorityPrivilege	1556	WMIC.exe
Token: SeCreatePagefilePrivilege	1556	WMIC.exe
Token: SeBackupPrivilege	1556	WMIC.exe
Token: SeRestorePrivilege	1556	WMIC.exe
Token: SeShutdownPrivilege	1556	WMIC.exe
Token: SeDebugPrivilege	1556	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1556	WMIC.exe
Token: SeRemoteShutdownPrivilege	1556	WMIC.exe
Token: SeUndockPrivilege	1556	WMIC.exe
Token: SeManageVolumePrivilege	1556	WMIC.exe
Token: 33	1556	WMIC.exe
Token: 34	1556	WMIC.exe
Token: 35	1556	WMIC.exe
Token: 36	1556	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4620	WMIC.exe
Token: SeSecurityPrivilege	4620	WMIC.exe
Token: SeTakeOwnershipPrivilege	4620	WMIC.exe
Token: SeLoadDriverPrivilege	4620	WMIC.exe
Token: SeSystemProfilePrivilege	4620	WMIC.exe
Token: SeSystemtimePrivilege	4620	WMIC.exe
Token: SeProfSingleProcessPrivilege	4620	WMIC.exe
Token: SeIncBasePriorityPrivilege	4620	WMIC.exe
Token: SeCreatePagefilePrivilege	4620	WMIC.exe
Token: SeBackupPrivilege	4620	WMIC.exe
Token: SeRestorePrivilege	4620	WMIC.exe
Token: SeShutdownPrivilege	4620	WMIC.exe
Token: SeDebugPrivilege	4620	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4620	WMIC.exe
Token: SeRemoteShutdownPrivilege	4620	WMIC.exe
Token: SeUndockPrivilege	4620	WMIC.exe
Token: SeManageVolumePrivilege	4620	WMIC.exe
Token: 33	4620	WMIC.exe
Token: 34	4620	WMIC.exe
Token: 35	4620	WMIC.exe
Token: 36	4620	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4620	WMIC.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

javaw.exe

pid process

2440 javaw.exe
2440 javaw.exe
2440 javaw.exe

pid	process
2440	javaw.exe
2440	javaw.exe
2440	javaw.exe

Suspicious use of WriteProcessMemory 28 IoCs

Processes:

DCRat.exejavaw.execmd.execmd.execmd.execmd.execmd.execmd.exe

description	pid	process	target process
PID 4392 wrote to memory of 2440	4392	DCRat.exe	javaw.exe
PID 4392 wrote to memory of 2440	4392	DCRat.exe	javaw.exe
PID 2440 wrote to memory of 912	2440	javaw.exe	cmd.exe
PID 2440 wrote to memory of 912	2440	javaw.exe	cmd.exe
PID 912 wrote to memory of 1556	912	cmd.exe	WMIC.exe
PID 912 wrote to memory of 1556	912	cmd.exe	WMIC.exe
PID 2440 wrote to memory of 1492	2440	javaw.exe	cmd.exe
PID 2440 wrote to memory of 1492	2440	javaw.exe	cmd.exe
PID 2440 wrote to memory of 1484	2440	javaw.exe	cmd.exe
PID 2440 wrote to memory of 1484	2440	javaw.exe	cmd.exe
PID 1484 wrote to memory of 4620	1484	cmd.exe	WMIC.exe
PID 1484 wrote to memory of 4620	1484	cmd.exe	WMIC.exe
PID 2440 wrote to memory of 2332	2440	javaw.exe	cmd.exe
PID 2440 wrote to memory of 2332	2440	javaw.exe	cmd.exe
PID 2332 wrote to memory of 132	2332	cmd.exe	WMIC.exe
PID 2332 wrote to memory of 132	2332	cmd.exe	WMIC.exe
PID 2440 wrote to memory of 3412	2440	javaw.exe	cmd.exe
PID 2440 wrote to memory of 3412	2440	javaw.exe	cmd.exe
PID 3412 wrote to memory of 2196	3412	cmd.exe	WMIC.exe
PID 3412 wrote to memory of 2196	3412	cmd.exe	WMIC.exe
PID 2440 wrote to memory of 3328	2440	javaw.exe	cmd.exe
PID 2440 wrote to memory of 3328	2440	javaw.exe	cmd.exe
PID 3328 wrote to memory of 3856	3328	cmd.exe	WMIC.exe
PID 3328 wrote to memory of 3856	3328	cmd.exe	WMIC.exe
PID 2440 wrote to memory of 2580	2440	javaw.exe	cmd.exe
PID 2440 wrote to memory of 2580	2440	javaw.exe	cmd.exe
PID 2580 wrote to memory of 1860	2580	cmd.exe	WMIC.exe
PID 2580 wrote to memory of 1860	2580	cmd.exe	WMIC.exe

C:\Users\Admin\AppData\Local\Temp\newdcnyash\DCRat.exe
"C:\Users\Admin\AppData\Local\Temp\newdcnyash\DCRat.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4392

C:\Program Files\Java\jre-1.8\bin\javaw.exe
"C:\Program Files\Java\jre-1.8\bin\javaw.exe" -Dprism.dirtyopts=false -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\IIlIllIIlIllllIIIlIIlllIIIIIlIlllIIIIllllllIlIIlllIlIlIlllIIIlIIllIIIIlIllIlIlIlIlIlIIlllIlllIIllIIllIlIlllIlIIlllIIIIll.jar;lib\IIllIIIIIlIlIIlIIIllIllllIIIlllIIIlIlIIlIlIllllIIlIIllIlIlIllIIIIIlIlllllllIIIIlIIlIIllIIIlIlIlllIIIIllllIllIIIIIIlIllII.jar;lib\IlIIIIllIIIIIIIIIllIlIllIIIlIIllIIlIIllIIlIlIIIIIIIIIIlllIIlIllIIIlIlIllIllIlIlIlIlIllIlIllIlllIIllIlIllIlIIlllIIIIIlIlI.jar;lib\IlIlIIIIIIlIIIIIIllIlIIlIllIllIlIIIlIllllIlIlllIIlIIllIllIIlIlllIIIllllIlIllIIIIIIIIIlIIlIllIIllIIlIllIIIIlIIllIllllIlIl.jar;lib\IllIIIIIIIlllIIIlIlIllIIIIIllIllIlIIlIllIlIIlIllIIlIlIlIlllllllIIlllllllIIlIIIlIlIlIIlIllllIlllIIllllIIlllllIllIIIlIlIlI.jar;lib\IllIIIIIIlIIIIIlIllIIIIlIlIIIIlIIllIIllIIlIlllIlIlIlIIIlllllIlllIllIIIlllllIlIlIlIlllIlIIllIlIIlIlIIllIlIIllIlIlIIIlIIIl.jar;lib\IlllIIlllllIIllIIIlIIlIlIlIllllIlllIllllIIIIIlIllIIIIllIIlllIllIlIlIlIIIIllIllIIllllllIllIIlllIIIlIllllIlIllIIIIIIIIlIll.jar;lib\lIIIIIIllIllllllIIlllIlIIIIlIIllllIIIIIIIIllIIIIIlIIIIIIIlllIIIIIIlIIIlIlIlIlIlIllIllIlIllIlIlIIllIlIIIIlllIllIIllIIlIIl.jar;lib\lIIlIIlllIIIIIIlllIllIIIlIlIllIlllIlIllIllllIllIIIlIlIIIlIllIllIIlllIlllllIIIlIIlIIlIIIlIlllIIllIIIIlllIIIIlIIlllIlllllI.jar;lib\lIlllIIlIIlllIIllIIIlIIIIIlIlIlIIIIlIllIIlllIlllIllIlllIlIlIlllIIllIIllIIIlIllIIIlllIlllllIlIlIIlIIIIIllllIlIllIIllIllII.jar;lib\lIllllIllIlIIlIlIlllIIIllIIIIlIIllIllllIIlIIIIIlIIIlIIIIIIIIIIIIIIllIllIIlIlIlIlllllIlllllIIIIIIlIlIIIlIIllllIlIIIlIlllI.jar;lib\lIlllllIIlIllIllllIIIIlIIlIIIIIllIlllIIlIIllIllIIIlIIlllIllIIlllIIIlllIllllllllllIlIIIlIIlIllIIllIlllIlIlIIIIIIlllllIIlI.jar;lib\llIIIlllIIIllIIIIllIllIIlIIIlIllIlIIIIlIlIlIIllIIIlIIIlIIlllIIlIlIIIlIllllIIIIlIllIllllIlllIIlIIIIllIlIlIIlIIIllllllllIl.jar;lib\llIlIlIIIIIIllIllIIllIIlIlIlIllIIlllllIIlIIIIlIIIIIllIlIlIIIlIlIllllIlIlllIIlllIllIIIlIllllIIIllllIlllllIIIIIIllIlIIlIIl.jar;lib\llIlIlIIlllIllIlllIlIIIlIIIIlllIIIllIllllIIIIIIIIlllIlIIlllIIllIIllIlIIIllIIIIlIIlIllllIlIlllIllIIIIlIIlllIlIlIllIIlIllI.jar;lib\llIlIllIllIllIlIlllIlllIIIllllllIlIIlIllIlIlIlllIllIIIIIlllIIlIIlIllllIIIlllIllIIlIIIIIIlIlIIllIIIIlIlllIllIIlIlllIIIllI.jar" org.develnext.jphp.ext.javafx.FXLauncher
2⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2440

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboard get Manufacturer
3⤵
- Suspicious use of WriteProcessMemory
PID:912

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboard get Manufacturer
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:1556

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c USERPROFILE
3⤵
PID:1492

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe baseboard get Product
3⤵
- Suspicious use of WriteProcessMemory
PID:1484

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe baseboard get Product
4⤵
- Suspicious use of AdjustPrivilegeToken
PID:4620

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe CPU get ProcessorId
3⤵
- Suspicious use of WriteProcessMemory
PID:2332

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe CPU get ProcessorId
4⤵
PID:132

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where 'Index=0' get 'serialnumber'
3⤵
- Suspicious use of WriteProcessMemory
PID:3412

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where 'Index=0' get 'serialnumber'
4⤵
PID:2196

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe Path Win32_VideoController Get VideoProcessor
3⤵
- Suspicious use of WriteProcessMemory
PID:3328

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe Path Win32_VideoController Get VideoProcessor
4⤵
PID:3856

C:\Windows\System32\cmd.exe
C:\Windows\System32\cmd.exe /c C:\Windows\System32\wbem\wmic.exe diskdrive where 'Index=0' get 'size'
3⤵
- Suspicious use of WriteProcessMemory
PID:2580

C:\Windows\System32\wbem\WMIC.exe
C:\Windows\System32\wbem\wmic.exe diskdrive where 'Index=0' get 'size'
4⤵
PID:1860

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/2440-3-0x000001DBC3140000-0x000001DBC33B0000-memory.dmp

Filesize
2.4MB

Download
memory/2440-12-0x000001DBC3120000-0x000001DBC3121000-memory.dmp

Filesize
4KB

Download
memory/2440-16-0x000001DBC33B0000-0x000001DBC33C0000-memory.dmp

Filesize
64KB

Download
memory/2440-18-0x000001DBC33C0000-0x000001DBC33D0000-memory.dmp

Filesize
64KB

Download
memory/2440-22-0x000001DBC33D0000-0x000001DBC33E0000-memory.dmp

Filesize
64KB

Download
memory/2440-24-0x000001DBC33E0000-0x000001DBC33F0000-memory.dmp

Filesize
64KB

Download
memory/2440-26-0x000001DBC33F0000-0x000001DBC3400000-memory.dmp

Filesize
64KB

Download
memory/2440-28-0x000001DBC3400000-0x000001DBC3410000-memory.dmp

Filesize
64KB

Download
memory/2440-34-0x000001DBC3420000-0x000001DBC3430000-memory.dmp

Filesize
64KB

Download
memory/2440-33-0x000001DBC3410000-0x000001DBC3420000-memory.dmp

Filesize
64KB

Download
memory/2440-36-0x000001DBC3140000-0x000001DBC33B0000-memory.dmp

Filesize
2.4MB

Download
memory/2440-38-0x000001DBC3430000-0x000001DBC3440000-memory.dmp

Filesize
64KB

Download
memory/2440-39-0x000001DBC3440000-0x000001DBC3450000-memory.dmp

Filesize
64KB

Download
memory/2440-42-0x000001DBC3450000-0x000001DBC3460000-memory.dmp

Filesize
64KB

Download
memory/2440-41-0x000001DBC33B0000-0x000001DBC33C0000-memory.dmp

Filesize
64KB

Download
memory/2440-46-0x000001DBC3460000-0x000001DBC3470000-memory.dmp

Filesize
64KB

Download
memory/2440-45-0x000001DBC33C0000-0x000001DBC33D0000-memory.dmp

Filesize
64KB

Download
memory/2440-49-0x000001DBC3470000-0x000001DBC3480000-memory.dmp

Filesize
64KB

Download
memory/2440-48-0x000001DBC33D0000-0x000001DBC33E0000-memory.dmp

Filesize
64KB

Download
memory/2440-53-0x000001DBC3480000-0x000001DBC3490000-memory.dmp

Filesize
64KB

Download
memory/2440-52-0x000001DBC33E0000-0x000001DBC33F0000-memory.dmp

Filesize
64KB

Download
memory/2440-57-0x000001DBC3490000-0x000001DBC34A0000-memory.dmp

Filesize
64KB

Download
memory/2440-56-0x000001DBC33F0000-0x000001DBC3400000-memory.dmp

Filesize
64KB

Download
memory/2440-58-0x000001DBC3400000-0x000001DBC3410000-memory.dmp

Filesize
64KB

Download
memory/2440-59-0x000001DBC34A0000-0x000001DBC34B0000-memory.dmp

Filesize
64KB

Download
memory/2440-62-0x000001DBC34B0000-0x000001DBC34C0000-memory.dmp

Filesize
64KB

Download
memory/2440-61-0x000001DBC3410000-0x000001DBC3420000-memory.dmp

Filesize
64KB

Download
memory/2440-66-0x000001DBC34C0000-0x000001DBC34D0000-memory.dmp

Filesize
64KB

Download
memory/2440-65-0x000001DBC3420000-0x000001DBC3430000-memory.dmp

Filesize
64KB

Download
memory/2440-68-0x000001DBC3430000-0x000001DBC3440000-memory.dmp

Filesize
64KB

Download
memory/2440-70-0x000001DBC34E0000-0x000001DBC34F0000-memory.dmp

Filesize
64KB

Download
memory/2440-69-0x000001DBC34D0000-0x000001DBC34E0000-memory.dmp

Filesize
64KB

Download
memory/2440-72-0x000001DBC3440000-0x000001DBC3450000-memory.dmp

Filesize
64KB

Download
memory/2440-73-0x000001DBC34F0000-0x000001DBC3500000-memory.dmp

Filesize
64KB

Download
memory/2440-75-0x000001DBC3450000-0x000001DBC3460000-memory.dmp

Filesize
64KB

Download
memory/2440-76-0x000001DBC3500000-0x000001DBC3510000-memory.dmp

Filesize
64KB

Download
memory/2440-79-0x000001DBC3120000-0x000001DBC3121000-memory.dmp

Filesize
4KB

Download
memory/2440-82-0x000001DBC3510000-0x000001DBC3520000-memory.dmp

Filesize
64KB

Download
memory/2440-81-0x000001DBC3460000-0x000001DBC3470000-memory.dmp

Filesize
64KB

Download
memory/2440-85-0x000001DBC3520000-0x000001DBC3530000-memory.dmp

Filesize
64KB

Download
memory/2440-84-0x000001DBC3470000-0x000001DBC3480000-memory.dmp

Filesize
64KB

Download
memory/2440-87-0x000001DBC3480000-0x000001DBC3490000-memory.dmp

Filesize
64KB

Download
memory/2440-88-0x000001DBC3530000-0x000001DBC3540000-memory.dmp

Filesize
64KB

Download
memory/2440-91-0x000001DBC3540000-0x000001DBC3550000-memory.dmp

Filesize
64KB

Download
memory/2440-90-0x000001DBC3490000-0x000001DBC34A0000-memory.dmp

Filesize
64KB

Download
memory/2440-93-0x000001DBC34A0000-0x000001DBC34B0000-memory.dmp

Filesize
64KB

Download
memory/2440-95-0x000001DBC3550000-0x000001DBC3560000-memory.dmp

Filesize
64KB

Download
memory/2440-97-0x000001DBC3560000-0x000001DBC3570000-memory.dmp

Filesize
64KB

Download
memory/2440-96-0x000001DBC34B0000-0x000001DBC34C0000-memory.dmp

Filesize
64KB

Download
memory/2440-101-0x000001DBC3570000-0x000001DBC3580000-memory.dmp

Filesize
64KB

Download
memory/2440-100-0x000001DBC34C0000-0x000001DBC34D0000-memory.dmp

Filesize
64KB

Download
memory/2440-103-0x000001DBC34D0000-0x000001DBC34E0000-memory.dmp

Filesize
64KB

Download
memory/2440-105-0x000001DBC3580000-0x000001DBC3590000-memory.dmp

Filesize
64KB

Download
memory/2440-104-0x000001DBC34E0000-0x000001DBC34F0000-memory.dmp

Filesize
64KB

Download
memory/2440-108-0x000001DBC3590000-0x000001DBC35A0000-memory.dmp

Filesize
64KB

Download
memory/2440-107-0x000001DBC34F0000-0x000001DBC3500000-memory.dmp

Filesize
64KB

Download
memory/2440-112-0x000001DBC35A0000-0x000001DBC35B0000-memory.dmp

Filesize
64KB

Download
memory/2440-110-0x000001DBC3500000-0x000001DBC3510000-memory.dmp

Filesize
64KB

Download
memory/2440-114-0x000001DBC35B0000-0x000001DBC35C0000-memory.dmp

Filesize
64KB

Download
memory/2440-113-0x000001DBC3510000-0x000001DBC3520000-memory.dmp

Filesize
64KB

Download
memory/2440-117-0x000001DBC3520000-0x000001DBC3530000-memory.dmp

Filesize
64KB

Download
memory/2440-118-0x000001DBC35C0000-0x000001DBC35D0000-memory.dmp

Filesize
64KB

Download
memory/2440-122-0x000001DBC35E0000-0x000001DBC35F0000-memory.dmp

Filesize
64KB

Download
memory/2440-121-0x000001DBC35D0000-0x000001DBC35E0000-memory.dmp

Filesize
64KB

Download
memory/2440-120-0x000001DBC3530000-0x000001DBC3540000-memory.dmp

Filesize
64KB

Download
memory/2440-125-0x000001DBC3540000-0x000001DBC3550000-memory.dmp

Filesize
64KB

Download
memory/2440-126-0x000001DBC35F0000-0x000001DBC3600000-memory.dmp

Filesize
64KB

Download
memory/2440-133-0x000001DBC3620000-0x000001DBC3630000-memory.dmp

Filesize
64KB

Download
memory/2440-138-0x000001DBC3640000-0x000001DBC3650000-memory.dmp

Filesize
64KB

Download
memory/2440-137-0x000001DBC3630000-0x000001DBC3640000-memory.dmp

Filesize
64KB

Download
memory/2440-136-0x000001DBC3560000-0x000001DBC3570000-memory.dmp

Filesize
64KB

Download
memory/2440-132-0x000001DBC3610000-0x000001DBC3620000-memory.dmp

Filesize
64KB

Download
memory/2440-131-0x000001DBC3600000-0x000001DBC3610000-memory.dmp

Filesize
64KB

Download
memory/2440-130-0x000001DBC3550000-0x000001DBC3560000-memory.dmp

Filesize
64KB

Download
memory/2440-141-0x000001DBC3650000-0x000001DBC3660000-memory.dmp

Filesize
64KB

Download
memory/2440-140-0x000001DBC3570000-0x000001DBC3580000-memory.dmp

Filesize
64KB

Download
memory/2440-144-0x000001DBC3660000-0x000001DBC3670000-memory.dmp

Filesize
64KB

Download
memory/2440-143-0x000001DBC3580000-0x000001DBC3590000-memory.dmp

Filesize
64KB

Download
memory/2440-147-0x000001DBC3670000-0x000001DBC3680000-memory.dmp

Filesize
64KB

Download
memory/2440-146-0x000001DBC3590000-0x000001DBC35A0000-memory.dmp

Filesize
64KB

Download
memory/2440-150-0x000001DBC3680000-0x000001DBC3690000-memory.dmp

Filesize
64KB

Download
memory/2440-149-0x000001DBC35A0000-0x000001DBC35B0000-memory.dmp

Filesize
64KB

Download
memory/2440-153-0x000001DBC3690000-0x000001DBC36A0000-memory.dmp

Filesize
64KB

Download
memory/2440-152-0x000001DBC35B0000-0x000001DBC35C0000-memory.dmp

Filesize
64KB

Download
memory/2440-155-0x000001DBC35C0000-0x000001DBC35D0000-memory.dmp

Filesize
64KB

Download
memory/2440-156-0x000001DBC36A0000-0x000001DBC36B0000-memory.dmp

Filesize
64KB

Download
memory/2440-161-0x000001DBC3120000-0x000001DBC3121000-memory.dmp

Filesize
4KB

Download
memory/2440-182-0x000001DBC36B0000-0x000001DBC36C0000-memory.dmp

Filesize
64KB

Download
memory/2440-181-0x000001DBC35E0000-0x000001DBC35F0000-memory.dmp

Filesize
64KB

Download
memory/2440-180-0x000001DBC35D0000-0x000001DBC35E0000-memory.dmp

Filesize
64KB

Download
memory/2440-186-0x000001DBC36C0000-0x000001DBC36D0000-memory.dmp

Filesize
64KB

Download
memory/2440-185-0x000001DBC35F0000-0x000001DBC3600000-memory.dmp

Filesize
64KB

Download
memory/2440-187-0x000001DBC3600000-0x000001DBC3610000-memory.dmp

Filesize
64KB

Download
memory/2440-190-0x000001DBC36D0000-0x000001DBC36E0000-memory.dmp

Filesize
64KB

Download
memory/2440-189-0x000001DBC3620000-0x000001DBC3630000-memory.dmp

Filesize
64KB

Download
memory/2440-192-0x000001DBC3120000-0x000001DBC3121000-memory.dmp

Filesize
4KB

Download
memory/2440-188-0x000001DBC3610000-0x000001DBC3620000-memory.dmp

Filesize
64KB

Download
memory/2440-220-0x000001DBC3120000-0x000001DBC3121000-memory.dmp

Filesize
4KB

Download
memory/2440-223-0x000001DBC3630000-0x000001DBC3640000-memory.dmp

Filesize
64KB

Download
memory/2440-225-0x000001DBC36E0000-0x000001DBC36F0000-memory.dmp

Filesize
64KB

Download
memory/2440-224-0x000001DBC3640000-0x000001DBC3650000-memory.dmp

Filesize
64KB

Download
memory/4392-0-0x0000000000400000-0x000000000041F000-memory.dmp

Filesize
124KB

Download