zgrat | 24471a5441763eca34eb78d690343b58468465c0c031a1ad3a7e71525d27fdcb

Analysis

max time kernel
175s
max time network
197s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
12-10-2023 06:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Sentares Hack — копия.exe
Size

3.9MB
MD5

c0d98ffe1c56cfc2a37d1c5458c60018
SHA1

2595973f7a114f91f57112d6c9b4826692eb17fc
SHA256

24471a5441763eca34eb78d690343b58468465c0c031a1ad3a7e71525d27fdcb
SHA512

e548666738e8feba9da24a354f7243313629889cb99330dd2d6c501d1a1fa8ddaf7ff3a801b514b330190decd42820e448d87e0f3b642f86162941f3ab1fb8ee
SSDEEP

49152:UBA230ehGn8Knv6swWrSUGIF183q2SbVhTtYqss8pjWFXRnRYrI2oWprZ+L:+L3hG8Kv69Wrl18q9bwU3RYwWhU

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V1 10 IoCs

resource	yara_rule
behavioral2/files/0x00070000000231d9-14.dat	family_zgrat_v1
behavioral2/files/0x00070000000231d9-16.dat	family_zgrat_v1
behavioral2/memory/3480-18-0x0000000000400000-0x00000000007F3000-memory.dmp	family_zgrat_v1
behavioral2/files/0x00070000000231d9-19.dat	family_zgrat_v1
behavioral2/files/0x000a0000000231df-33.dat	family_zgrat_v1
behavioral2/files/0x000a0000000231df-34.dat	family_zgrat_v1
behavioral2/memory/2392-35-0x00000000003F0000-0x0000000000778000-memory.dmp	family_zgrat_v1
behavioral2/files/0x00070000000231f9-116.dat	family_zgrat_v1
behavioral2/files/0x0006000000023201-133.dat	family_zgrat_v1
behavioral2/files/0x0006000000023201-134.dat	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	Sentares Hack — копия.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	Sentores Hack.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000\Control Panel\International\Geo\Nation	ContainerBrowserref.exe

Executes dropped EXE 4 IoCs

pid	Process
4972	FakeInject .exe
776	Sentores Hack.exe
2392	ContainerBrowserref.exe
4916	ContainerBrowserref.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Windows Multimedia Platform\c5b4cb5e9653cc	ContainerBrowserref.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\unsecapp.exe	ContainerBrowserref.exe
File created	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\29c1c3cc0f7685	ContainerBrowserref.exe
File created	C:\Program Files (x86)\Windows Multimedia Platform\services.exe	ContainerBrowserref.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\SystemResources\Microsoft.Windows.SecHealthUI\pris\TrustedInstaller.exe	ContainerBrowserref.exe
File created	C:\Windows\SystemResources\Microsoft.Windows.SecHealthUI\pris\04c1e7795967e4	ContainerBrowserref.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Local Settings	Sentores Hack.exe
Key created	\REGISTRY\USER\S-1-5-21-2344688013-2965468717-2034126-1000_Classes\Local Settings	ContainerBrowserref.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
2404	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe
2392	ContainerBrowserref.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2392	ContainerBrowserref.exe
Token: SeDebugPrivilege	4916	ContainerBrowserref.exe

Suspicious use of WriteProcessMemory 22 IoCs

description	pid	Process	procid_target
PID 3480 wrote to memory of 4972	3480	Sentares Hack — копия.exe	89
PID 3480 wrote to memory of 4972	3480	Sentares Hack — копия.exe	89
PID 3480 wrote to memory of 4972	3480	Sentares Hack — копия.exe	89
PID 3480 wrote to memory of 776	3480	Sentares Hack — копия.exe	91
PID 3480 wrote to memory of 776	3480	Sentares Hack — копия.exe	91
PID 3480 wrote to memory of 776	3480	Sentares Hack — копия.exe	91
PID 776 wrote to memory of 3788	776	Sentores Hack.exe	92
PID 776 wrote to memory of 3788	776	Sentores Hack.exe	92
PID 776 wrote to memory of 3788	776	Sentores Hack.exe	92
PID 3788 wrote to memory of 1072	3788	WScript.exe	100
PID 3788 wrote to memory of 1072	3788	WScript.exe	100
PID 3788 wrote to memory of 1072	3788	WScript.exe	100
PID 1072 wrote to memory of 2392	1072	cmd.exe	102
PID 1072 wrote to memory of 2392	1072	cmd.exe	102
PID 2392 wrote to memory of 3332	2392	ContainerBrowserref.exe	105
PID 2392 wrote to memory of 3332	2392	ContainerBrowserref.exe	105
PID 3332 wrote to memory of 2248	3332	cmd.exe	107
PID 3332 wrote to memory of 2248	3332	cmd.exe	107
PID 3332 wrote to memory of 2404	3332	cmd.exe	108
PID 3332 wrote to memory of 2404	3332	cmd.exe	108
PID 3332 wrote to memory of 4916	3332	cmd.exe	109
PID 3332 wrote to memory of 4916	3332	cmd.exe	109

C:\Users\Admin\AppData\Local\Temp\Sentares Hack — копия.exe
"C:\Users\Admin\AppData\Local\Temp\Sentares Hack — копия.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3480
- C:\Users\Admin\AppData\Local\Temp\FakeInject .exe
  "C:\Users\Admin\AppData\Local\Temp\FakeInject .exe"
  2⤵
  - Executes dropped EXE
  PID:4972
- C:\Users\Admin\AppData\Local\Temp\Sentores Hack.exe
  "C:\Users\Admin\AppData\Local\Temp\Sentores Hack.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:776
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\BlockServerrefsession\mSXaWzTd8jZ9K9akD0zj0q7AzxJLDnZBpnSJTTPD.vbe"
    3⤵
    - Checks computer location settings
    - Suspicious use of WriteProcessMemory
    PID:3788
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\BlockServerrefsession\fyqYNuGvF2k6O1wqFeuPN6wmaOe.bat" "
      4⤵
      Suspicious use of WriteProcessMemory
      PID:1072
    - - C:\Users\Admin\AppData\Local\Temp\BlockServerrefsession\ContainerBrowserref.exe
        
        "C:\Users\Admin\AppData\Local\Temp\BlockServerrefsession/ContainerBrowserref.exe"
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Drops file in Program Files directory
        Drops file in Windows directory
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2392
      - C:\Windows\System32\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\sFjR0vEqkE.bat"
        6⤵
        Suspicious use of WriteProcessMemory
        
        PID:3332
        
        C:\Windows\system32\chcp.com
        
        chcp 65001
        7⤵
        
        PID:2248
        
        C:\Windows\system32\PING.EXE
        
        ping -n 10 localhost
        7⤵
        Runs ping.exe
        
        PID:2404
        
        C:\Recovery\WindowsRE\ContainerBrowserref.exe
        
        "C:\Recovery\WindowsRE\ContainerBrowserref.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of AdjustPrivilegeToken
        
        PID:4916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Windows Multimedia Platform\services.exe

Filesize
3.5MB

MD5
51cb68843239686118b06756a7755a7b

SHA1
76cbbb98bd291ca479bf765e05fdfaf08f452dd5

SHA256
05403a188b34db04e63541537d92a893ef56380b06dcf22b64d481df7f4b3c54

SHA512
bbd2a3f8e0ef56eeb48d6bcf3d160c56b39160b62441a974bbdcdcc57e9237ab6716720ca361c7f0ae3621e4ad3db46e899dc3fa729f50e9df07d033c5404036

Download Submit
C:\Recovery\WindowsRE\ContainerBrowserref.exe

Filesize
3.5MB

MD5
51cb68843239686118b06756a7755a7b

SHA1
76cbbb98bd291ca479bf765e05fdfaf08f452dd5

SHA256
05403a188b34db04e63541537d92a893ef56380b06dcf22b64d481df7f4b3c54

SHA512
bbd2a3f8e0ef56eeb48d6bcf3d160c56b39160b62441a974bbdcdcc57e9237ab6716720ca361c7f0ae3621e4ad3db46e899dc3fa729f50e9df07d033c5404036

Download Submit
C:\Recovery\WindowsRE\ContainerBrowserref.exe

Filesize
3.5MB

MD5
51cb68843239686118b06756a7755a7b

SHA1
76cbbb98bd291ca479bf765e05fdfaf08f452dd5

SHA256
05403a188b34db04e63541537d92a893ef56380b06dcf22b64d481df7f4b3c54

SHA512
bbd2a3f8e0ef56eeb48d6bcf3d160c56b39160b62441a974bbdcdcc57e9237ab6716720ca361c7f0ae3621e4ad3db46e899dc3fa729f50e9df07d033c5404036

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\ContainerBrowserref.exe.log

Filesize
1KB

MD5
98d93f7a2239452aef29ed995c71b759

SHA1
d1fc6bff08e49cb16a1e5d0b0348232282cf5677

SHA256
399712789c6f2c7bd1b7afdf835eb2ac525632424daf08e751186195ebdbba52

SHA512
1073e74c9f065aa02be1bfb172308c555c0ad0c5ff35315d76de23d2c6daf1d3fe0b32042a428431847d09b679f14cb129c058af3277e9ed16787d37ae276d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\BlockServerrefsession\ContainerBrowserref.exe

Filesize
3.5MB

MD5
51cb68843239686118b06756a7755a7b

SHA1
76cbbb98bd291ca479bf765e05fdfaf08f452dd5

SHA256
05403a188b34db04e63541537d92a893ef56380b06dcf22b64d481df7f4b3c54

SHA512
bbd2a3f8e0ef56eeb48d6bcf3d160c56b39160b62441a974bbdcdcc57e9237ab6716720ca361c7f0ae3621e4ad3db46e899dc3fa729f50e9df07d033c5404036

Download Submit
C:\Users\Admin\AppData\Local\Temp\BlockServerrefsession\ContainerBrowserref.exe

Filesize
3.5MB

MD5
51cb68843239686118b06756a7755a7b

SHA1
76cbbb98bd291ca479bf765e05fdfaf08f452dd5

SHA256
05403a188b34db04e63541537d92a893ef56380b06dcf22b64d481df7f4b3c54

SHA512
bbd2a3f8e0ef56eeb48d6bcf3d160c56b39160b62441a974bbdcdcc57e9237ab6716720ca361c7f0ae3621e4ad3db46e899dc3fa729f50e9df07d033c5404036

Download Submit
C:\Users\Admin\AppData\Local\Temp\BlockServerrefsession\fyqYNuGvF2k6O1wqFeuPN6wmaOe.bat

Filesize
109B

MD5
f285edd8ee898dcf2f3d6d97da90eb30

SHA1
69fb9b40400568d8702c5caaf98ed1f402cf2528

SHA256
584c370821e51c1451bf7d02c5ebf0bf1aecd31fc73ff07f1a978d8e009b2309

SHA512
bd372b46c646dfbdfbb26775a84f0bf545f4891e8100089e09474ec213359e6e4148eddde8a1f18046ea30af899f6ba16acaf1538315dc724e09c241d0650f28

Download Submit
C:\Users\Admin\AppData\Local\Temp\BlockServerrefsession\mSXaWzTd8jZ9K9akD0zj0q7AzxJLDnZBpnSJTTPD.vbe

Filesize
231B

MD5
87c0f256290277ff461d089547a90028

SHA1
a7551c83a4d4f7101654faab434ddf23032ad996

SHA256
3048edcdebf739c3866bb804abeffd5441b06d42ebda496ccfbd4e49ca378a31

SHA512
68846ca7525ebade796239db3304f409cd7aa88b82be2bd835feb7322e68f2303b7803d1d0636fb9710d5ebf062ff9f8a4be771b47d67ec66d2603103b4b60f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\FakeInject .exe

Filesize
6KB

MD5
ed6243a98ea5ecfb2b08f481336b6ece

SHA1
195867c38058367ef2077da167ddc039ef2b5e54

SHA256
dbe8b0b17ec8f38af926975eea7d9053d0509806a442146ab98b6c681b710a59

SHA512
622dd556b14205b3c0013651d2f9baa40d6623b3843dd6628ad7b83b01758d62b57da1fda6a8502ca2aadcb65f120a72ea6ca3c3ecf63d3ebec0689f8fde6365

Download Submit
C:\Users\Admin\AppData\Local\Temp\FakeInject .exe

Filesize
6KB

MD5
ed6243a98ea5ecfb2b08f481336b6ece

SHA1
195867c38058367ef2077da167ddc039ef2b5e54

SHA256
dbe8b0b17ec8f38af926975eea7d9053d0509806a442146ab98b6c681b710a59

SHA512
622dd556b14205b3c0013651d2f9baa40d6623b3843dd6628ad7b83b01758d62b57da1fda6a8502ca2aadcb65f120a72ea6ca3c3ecf63d3ebec0689f8fde6365

Download Submit
C:\Users\Admin\AppData\Local\Temp\FakeInject .exe

Filesize
6KB

MD5
ed6243a98ea5ecfb2b08f481336b6ece

SHA1
195867c38058367ef2077da167ddc039ef2b5e54

SHA256
dbe8b0b17ec8f38af926975eea7d9053d0509806a442146ab98b6c681b710a59

SHA512
622dd556b14205b3c0013651d2f9baa40d6623b3843dd6628ad7b83b01758d62b57da1fda6a8502ca2aadcb65f120a72ea6ca3c3ecf63d3ebec0689f8fde6365

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sentores Hack.exe

Filesize
3.8MB

MD5
565f1b84fe99f24378b28d68cab6a82b

SHA1
23d59dc0373e86b120a644453dec5df4a1dadcc3

SHA256
9460f44aa4dcbf7c155a1800a1458f54791be5831b1accc52a0dcc11744bf433

SHA512
1e4a7a0682f5a0be80006b84394d56949834c51432712a3784ae93d926160ecb63bbf9156ab96da48d7656fdb441485a0350ec6270e8156eaaebb5170cb255bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sentores Hack.exe

Filesize
3.8MB

MD5
565f1b84fe99f24378b28d68cab6a82b

SHA1
23d59dc0373e86b120a644453dec5df4a1dadcc3

SHA256
9460f44aa4dcbf7c155a1800a1458f54791be5831b1accc52a0dcc11744bf433

SHA512
1e4a7a0682f5a0be80006b84394d56949834c51432712a3784ae93d926160ecb63bbf9156ab96da48d7656fdb441485a0350ec6270e8156eaaebb5170cb255bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Sentores Hack.exe

Filesize
3.8MB

MD5
565f1b84fe99f24378b28d68cab6a82b

SHA1
23d59dc0373e86b120a644453dec5df4a1dadcc3

SHA256
9460f44aa4dcbf7c155a1800a1458f54791be5831b1accc52a0dcc11744bf433

SHA512
1e4a7a0682f5a0be80006b84394d56949834c51432712a3784ae93d926160ecb63bbf9156ab96da48d7656fdb441485a0350ec6270e8156eaaebb5170cb255bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\sFjR0vEqkE.bat

Filesize
173B

MD5
c34ed623fe3189333addb2d3590d53af

SHA1
e74b088c510d4c148106ef319e914e5a954f5510

SHA256
a96e7fb442ff5a4102215ea0011f6a81b0e25173dafa4e4225f40777307988ba

SHA512
50af18f0847caadd4606807fe24a5491046a5e7e4dd1608e1b25e935e6c5fd5c5fcf612a710c28d56156a7ef89eb0625dfd1b2d853037a5bb7b681a981f6e351

Download Submit
memory/2392-70-0x00000000028E0000-0x00000000028F0000-memory.dmp

Filesize
64KB

Download
memory/2392-82-0x000000001B5F0000-0x000000001B606000-memory.dmp

Filesize
88KB

Download
memory/2392-40-0x00007FFFD79C0000-0x00007FFFD8481000-memory.dmp

Filesize
10.8MB

Download
memory/2392-41-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

Filesize
64KB

Download
memory/2392-42-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

Filesize
64KB

Download
memory/2392-43-0x00007FFFF8880000-0x00007FFFF893E000-memory.dmp

Filesize
760KB

Download
memory/2392-44-0x00007FFFF8870000-0x00007FFFF8871000-memory.dmp

Filesize
4KB

Download
memory/2392-45-0x00007FFFF8880000-0x00007FFFF893E000-memory.dmp

Filesize
760KB

Download
memory/2392-47-0x000000001B3D0000-0x000000001B3F6000-memory.dmp

Filesize
152KB

Download
memory/2392-48-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

Filesize
64KB

Download
memory/2392-49-0x00007FFFF8880000-0x00007FFFF893E000-memory.dmp

Filesize
760KB

Download
memory/2392-50-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

Filesize
64KB

Download
memory/2392-51-0x00007FFFF8860000-0x00007FFFF8861000-memory.dmp

Filesize
4KB

Download
memory/2392-52-0x00007FFFF8880000-0x00007FFFF893E000-memory.dmp

Filesize
760KB

Download
memory/2392-54-0x0000000002850000-0x000000000285E000-memory.dmp

Filesize
56KB

Download
memory/2392-55-0x00007FFFF8850000-0x00007FFFF8851000-memory.dmp

Filesize
4KB

Download
memory/2392-57-0x00000000028C0000-0x00000000028DC000-memory.dmp

Filesize
112KB

Download
memory/2392-58-0x000000001B450000-0x000000001B4A0000-memory.dmp

Filesize
320KB

Download
memory/2392-59-0x00007FFFF8840000-0x00007FFFF8841000-memory.dmp

Filesize
4KB

Download
memory/2392-61-0x00000000028A0000-0x00000000028B0000-memory.dmp

Filesize
64KB

Download
memory/2392-62-0x00007FFFF8830000-0x00007FFFF8831000-memory.dmp

Filesize
4KB

Download
memory/2392-64-0x000000001B420000-0x000000001B438000-memory.dmp

Filesize
96KB

Download
memory/2392-65-0x00007FFFF8820000-0x00007FFFF8821000-memory.dmp

Filesize
4KB

Download
memory/2392-67-0x00000000028B0000-0x00000000028C0000-memory.dmp

Filesize
64KB

Download
memory/2392-68-0x00007FFFF8810000-0x00007FFFF8811000-memory.dmp

Filesize
4KB

Download
memory/2392-38-0x0000000000F00000-0x0000000000F01000-memory.dmp

Filesize
4KB

Download
memory/2392-71-0x00007FFFF8800000-0x00007FFFF8801000-memory.dmp

Filesize
4KB

Download
memory/2392-73-0x000000001B400000-0x000000001B40E000-memory.dmp

Filesize
56KB

Download
memory/2392-76-0x00007FFFF87F0000-0x00007FFFF87F1000-memory.dmp

Filesize
4KB

Download
memory/2392-75-0x000000001B5D0000-0x000000001B5E2000-memory.dmp

Filesize
72KB

Download
memory/2392-77-0x00007FFFF87E0000-0x00007FFFF87E1000-memory.dmp

Filesize
4KB

Download
memory/2392-79-0x000000001B410000-0x000000001B420000-memory.dmp

Filesize
64KB

Download
memory/2392-80-0x00007FFFF87D0000-0x00007FFFF87D1000-memory.dmp

Filesize
4KB

Download
memory/2392-39-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

Filesize
64KB

Download
memory/2392-83-0x00007FFFF87C0000-0x00007FFFF87C1000-memory.dmp

Filesize
4KB

Download
memory/2392-85-0x000000001B610000-0x000000001B622000-memory.dmp

Filesize
72KB

Download
memory/2392-86-0x000000001BB60000-0x000000001C088000-memory.dmp

Filesize
5.2MB

Download
memory/2392-89-0x000000001B440000-0x000000001B44E000-memory.dmp

Filesize
56KB

Download
memory/2392-87-0x00007FFFF87B0000-0x00007FFFF87B1000-memory.dmp

Filesize
4KB

Download
memory/2392-90-0x00007FFFF87A0000-0x00007FFFF87A1000-memory.dmp

Filesize
4KB

Download
memory/2392-92-0x000000001B5B0000-0x000000001B5C0000-memory.dmp

Filesize
64KB

Download
memory/2392-93-0x00007FFFF8790000-0x00007FFFF8791000-memory.dmp

Filesize
4KB

Download
memory/2392-95-0x000000001B5C0000-0x000000001B5D0000-memory.dmp

Filesize
64KB

Download
memory/2392-96-0x00007FFFF8780000-0x00007FFFF8781000-memory.dmp

Filesize
4KB

Download
memory/2392-98-0x000000001B690000-0x000000001B6EA000-memory.dmp

Filesize
360KB

Download
memory/2392-99-0x00007FFFF8770000-0x00007FFFF8771000-memory.dmp

Filesize
4KB

Download
memory/2392-101-0x000000001B630000-0x000000001B63E000-memory.dmp

Filesize
56KB

Download
memory/2392-102-0x00007FFFF8760000-0x00007FFFF8761000-memory.dmp

Filesize
4KB

Download
memory/2392-104-0x000000001B640000-0x000000001B650000-memory.dmp

Filesize
64KB

Download
memory/2392-105-0x00007FFFF8750000-0x00007FFFF8751000-memory.dmp

Filesize
4KB

Download
memory/2392-107-0x000000001B650000-0x000000001B65E000-memory.dmp

Filesize
56KB

Download
memory/2392-108-0x00007FFFF8740000-0x00007FFFF8741000-memory.dmp

Filesize
4KB

Download
memory/2392-110-0x000000001B8F0000-0x000000001B908000-memory.dmp

Filesize
96KB

Download
memory/2392-111-0x00007FFFF8730000-0x00007FFFF8731000-memory.dmp

Filesize
4KB

Download
memory/2392-113-0x000000001C090000-0x000000001C0DE000-memory.dmp

Filesize
312KB

Download
memory/2392-37-0x000000001B4A0000-0x000000001B4B0000-memory.dmp

Filesize
64KB

Download
memory/2392-129-0x00007FFFD79C0000-0x00007FFFD8481000-memory.dmp

Filesize
10.8MB

Download
memory/2392-36-0x00007FFFD79C0000-0x00007FFFD8481000-memory.dmp

Filesize
10.8MB

Download
memory/2392-130-0x00007FFFF8880000-0x00007FFFF893E000-memory.dmp

Filesize
760KB

Download
memory/2392-35-0x00000000003F0000-0x0000000000778000-memory.dmp

Filesize
3.5MB

Download
memory/3480-18-0x0000000000400000-0x00000000007F3000-memory.dmp

Filesize
3.9MB

Download
memory/4916-136-0x00007FFFD7A70000-0x00007FFFD8531000-memory.dmp

Filesize
10.8MB

Download
memory/4972-20-0x0000000000270000-0x0000000000278000-memory.dmp

Filesize
32KB

Download
memory/4972-21-0x00000000747A0000-0x0000000074F50000-memory.dmp

Filesize
7.7MB

Download
memory/4972-30-0x00000000747A0000-0x0000000074F50000-memory.dmp

Filesize
7.7MB

Download