Overview

overview

10

Static

static

3

10243ce788...71.exe

windows7-x64

10

10243ce788...71.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    127s
  • max time network
    134s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231023-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231023-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-10-2023 05:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    10243ce788b5dcbbf248058fe196f371.exe

  • Size

    498KB

  • MD5

    10243ce788b5dcbbf248058fe196f371

  • SHA1

    0da95887908b6ada23c698de6cf2f3f986655721

  • SHA256

    8bf51ccb2646d38af6778a0712c78415e113b1393509afdc16c97a0bfb91eb55

  • SHA512

    a990028f8a9b4cce76c2409f95837436d61dc7038d1365d669fd9143f75580e74e4f9f013934435a1ca9e0c1360bbebfe276ea4328ab9d7bd26c6c7c63e83160

  • SSDEEP

    12288:nicNb5chlOMdRL8m6alMG/njrPIRp4tbhknaSJ8XC0x:tqhPRL8m6alMG/njrPIRp496aLXC0

Score
10/10
snakekeyloggerzgratkeyloggerratstealer

Malware Config

Extracted

Family

snakekeylogger

Credentials

Signatures

  • Detect ZGRat V1 34 IoCs
  • Snake Keylogger

    Keylogger and Infostealer first seen in November 2020.

    stealerkeyloggersnakekeylogger
  • Snake Keylogger payload 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Looks up external IP address via web service 3 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Gathers network information 2 TTPs 2 IoCs

    Uses commandline utility to view network configuration.

  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of WriteProcessMemory 41 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\10243ce788b5dcbbf248058fe196f371.exe
    "C:\Users\Admin\AppData\Local\Temp\10243ce788b5dcbbf248058fe196f371.exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of SetThreadContext
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:4696
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ipconfig /release
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:3280
      • C:\Windows\SysWOW64\ipconfig.exe
        "C:\Windows\system32\ipconfig.exe" /release
        3⤵
        • Gathers network information
        PID:1432
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2320
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2872
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3500
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4896
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:3336
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" ipconfig /renew
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:3184
      • C:\Windows\SysWOW64\ipconfig.exe
        "C:\Windows\system32\ipconfig.exe" /renew
        3⤵
        • Gathers network information
        PID:400
    • C:\Users\Admin\AppData\Local\Temp\aspnet_compiler.exe
      C:\Users\Admin\AppData\Local\Temp\aspnet_compiler.exe
      2⤵
      • Executes dropped EXE
      PID:1500
    • C:\Users\Admin\AppData\Local\Temp\aspnet_compiler.exe
      C:\Users\Admin\AppData\Local\Temp\aspnet_compiler.exe
      2⤵
      • Executes dropped EXE
      PID:2092
    • C:\Users\Admin\AppData\Local\Temp\aspnet_compiler.exe
      C:\Users\Admin\AppData\Local\Temp\aspnet_compiler.exe
      2⤵
      • Executes dropped EXE
      • Suspicious behavior: EnumeratesProcesses
      PID:3532
      • C:\Windows\SysWOW64\WerFault.exe
        C:\Windows\SysWOW64\WerFault.exe -u -p 3532 -s 1796
        3⤵
        • Program crash
        PID:780
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3532 -ip 3532
    1⤵
      PID:3468

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log
      Filesize

      1KB

      MD5

      33b19d75aa77114216dbc23f43b195e3

      SHA1

      36a6c3975e619e0c5232aa4f5b7dc1fec9525535

      SHA256

      b23ced31b855e5a39c94afa1f9d55b023b8c40d4dc62143e0539c6916c12c9d2

      SHA512

      676fa2fd34878b75e5899197fe6826bb5604541aa468804bc9835bd3acabed2e6759878a8f1358955413818a51456816e90f149133828575a416c2a74fc7d821

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      19KB

      MD5

      9e66e962389a0216a1303cd6a7f6d199

      SHA1

      2327e0dfa7d8e68478e0723c2d92326e1fa6baf3

      SHA256

      f3c4fff7118d931358aff24e860335a4ae5713508ce5e3f53cd10f30c6bd16af

      SHA512

      8e87986828785c898e29a93a18cd2fb14f2146fb8ddf1c516cdf91109d1acfe6a039fecc296016dbd19c71512fc41837f6cdfe7203cc01ee93a2f4223b4deae5

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      19KB

      MD5

      bad8859cc2adc804deeb708374fc7bbf

      SHA1

      013926e54b4cabd5509702431d2fb66f13d109d8

      SHA256

      5c0c8472196d669ced5adda3e8b98352b793bb460be3ce0448d62337be4bdfdd

      SHA512

      600e1670e7e9680336f393cb378734f5139c5797787c4707aa7a07b248335a9b302ae5a29d4715eae9920d6aa08dc6e07e51486fdb8b7d19ea591f32fbf3f1a3

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      11KB

      MD5

      bbefb0bff16d054751122c3597a3e002

      SHA1

      6ba7ba4f769c7cee0e80e9b4f73798f56895362f

      SHA256

      34499c0396c84e981c21492c24a953dcbfd44ad4386182b69de9d312e8a14e26

      SHA512

      c8dc30228b543593ca666f72aec7eacab69bf15c09d9f94f803a7716be6a4ab78790e09b482acb5edac373b831d46d23e897007298660313daa741b7d7851bb7

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      19KB

      MD5

      70b714c564ebb855905f81b1687f1447

      SHA1

      b5cdd28c082d39fb8ff273817372ddb02288e190

      SHA256

      7f6c687d98e9920502ddbadbe8485f87a7f2a10195e266177fa14a18fc76e75a

      SHA512

      a2ae59964ed1609438a1291a5e5ddbcf55af39bbf01918b18304603a2f995095820ee39cbf798f3d419a711c07519f0708757b3e96fbf7e88c7a026780d9959d

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      19KB

      MD5

      5751ea1b6b67becfc8eab04ab19edc29

      SHA1

      80281b0cbfef93da8d2589601c4c097bd87f2394

      SHA256

      64b3a080f6972ff9a6172db4d24e545ae2de494300f4207e573cd09d9339031b

      SHA512

      c7e49a75d0c60432903da91d143fea0934f71b49efd7425e6fb3df0bf2a3e9f2af83602e35e17226905ea38d0eaaa99987f77726f00a7c5a0f97c9fd21bf2b0b

      Download Submit

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
      Filesize

      19KB

      MD5

      484035d605bd9b421ee46edee6df138f

      SHA1

      3e967b92f9642f2e3d2154024d65fad275481391

      SHA256

      3921a3b3b1443ba1c72386383a67af090070b3b424ea3f3ccc9a67a03d78bfdd

      SHA512

      a12080680d7674f6248462a003613a1197846e7c9e0e804ac53fff734d5ff356d5adce4b9685279f57196786813e31c84cce475a1313cd6ffc6d84c0f8c15ab2

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_q0bcufgi.z0e.ps1
      Filesize

      60B

      MD5

      d17fe0a3f47be24a6453e9ef58c94641

      SHA1

      6ab83620379fc69f80c0242105ddffd7d98d5d9d

      SHA256

      96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

      SHA512

      5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\aspnet_compiler.exe
      Filesize

      55KB

      MD5

      fda8c8f2a4e100afb14c13dfcbcab2d2

      SHA1

      19dfd86294c4a525ba21c6af77681b2a9bbecb55

      SHA256

      99a2c778c9a6486639d0aff1a7d2d494c2b0dc4c7913ebcb7bfea50a2f1d0b09

      SHA512

      94f0ace37cae77be9935cf4fc8aaa94691343d3b38de5e16c663b902c220bff513cd02256c7af2d815a23dd30439582ddbb0880009c76bbf36ff8fbc1a6ddc18

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\aspnet_compiler.exe
      Filesize

      55KB

      MD5

      fda8c8f2a4e100afb14c13dfcbcab2d2

      SHA1

      19dfd86294c4a525ba21c6af77681b2a9bbecb55

      SHA256

      99a2c778c9a6486639d0aff1a7d2d494c2b0dc4c7913ebcb7bfea50a2f1d0b09

      SHA512

      94f0ace37cae77be9935cf4fc8aaa94691343d3b38de5e16c663b902c220bff513cd02256c7af2d815a23dd30439582ddbb0880009c76bbf36ff8fbc1a6ddc18

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\aspnet_compiler.exe
      Filesize

      55KB

      MD5

      fda8c8f2a4e100afb14c13dfcbcab2d2

      SHA1

      19dfd86294c4a525ba21c6af77681b2a9bbecb55

      SHA256

      99a2c778c9a6486639d0aff1a7d2d494c2b0dc4c7913ebcb7bfea50a2f1d0b09

      SHA512

      94f0ace37cae77be9935cf4fc8aaa94691343d3b38de5e16c663b902c220bff513cd02256c7af2d815a23dd30439582ddbb0880009c76bbf36ff8fbc1a6ddc18

      Download Submit

    • C:\Users\Admin\AppData\Local\Temp\aspnet_compiler.exe
      Filesize

      55KB

      MD5

      fda8c8f2a4e100afb14c13dfcbcab2d2

      SHA1

      19dfd86294c4a525ba21c6af77681b2a9bbecb55

      SHA256

      99a2c778c9a6486639d0aff1a7d2d494c2b0dc4c7913ebcb7bfea50a2f1d0b09

      SHA512

      94f0ace37cae77be9935cf4fc8aaa94691343d3b38de5e16c663b902c220bff513cd02256c7af2d815a23dd30439582ddbb0880009c76bbf36ff8fbc1a6ddc18

      Download Submit

    • memory/2320-29-0x0000000002330000-0x0000000002340000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2320-46-0x0000000008080000-0x00000000086FA000-memory.dmp

      Filesize

      6.5MB

      Download

    • memory/2320-44-0x0000000006040000-0x0000000006062000-memory.dmp

      Filesize

      136KB

      Download

    • memory/2320-43-0x0000000005FF0000-0x000000000600A000-memory.dmp

      Filesize

      104KB

      Download

    • memory/2320-42-0x0000000006E00000-0x0000000006E96000-memory.dmp

      Filesize

      600KB

      Download

    • memory/2320-28-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2320-45-0x0000000007450000-0x00000000079F4000-memory.dmp

      Filesize

      5.6MB

      Download

    • memory/2320-30-0x0000000002330000-0x0000000002340000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2320-48-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2872-64-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2872-51-0x0000000004CD0000-0x0000000004CE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/2872-57-0x0000000005C20000-0x0000000005F74000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/2872-49-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/2872-50-0x0000000004CD0000-0x0000000004CE0000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3184-112-0x0000000002920000-0x0000000002930000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3184-126-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3184-125-0x0000000002920000-0x0000000002930000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3184-110-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3184-111-0x0000000002920000-0x0000000002930000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3280-3-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3280-19-0x0000000005FC0000-0x0000000006314000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/3280-24-0x0000000005170000-0x0000000005180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3280-21-0x00000000064E0000-0x000000000652C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/3280-7-0x00000000054D0000-0x00000000054F2000-memory.dmp

      Filesize

      136KB

      Download

    • memory/3280-26-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3280-8-0x0000000005DE0000-0x0000000005E46000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3280-20-0x00000000064A0000-0x00000000064BE000-memory.dmp

      Filesize

      120KB

      Download

    • memory/3280-14-0x0000000005E50000-0x0000000005EB6000-memory.dmp

      Filesize

      408KB

      Download

    • memory/3280-6-0x00000000057B0000-0x0000000005DD8000-memory.dmp

      Filesize

      6.2MB

      Download

    • memory/3280-5-0x0000000002B60000-0x0000000002B96000-memory.dmp

      Filesize

      216KB

      Download

    • memory/3280-4-0x0000000005170000-0x0000000005180000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3336-96-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3336-123-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3336-98-0x0000000005B60000-0x0000000005EB4000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/3336-97-0x0000000002870000-0x0000000002880000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3500-79-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3500-65-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3500-67-0x0000000005040000-0x0000000005050000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3500-66-0x0000000005040000-0x0000000005050000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3532-627-0x0000000000400000-0x0000000000426000-memory.dmp

      Filesize

      152KB

      Download

    • memory/3532-629-0x0000000004DA0000-0x0000000004E3C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/3532-630-0x0000000005110000-0x0000000005120000-memory.dmp

      Filesize

      64KB

      Download

    • memory/3532-628-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/3532-631-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4696-145-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-169-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-131-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-137-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-141-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-143-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-139-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-41-0x0000000005330000-0x0000000005340000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4696-135-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-133-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-129-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-128-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-147-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-149-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-153-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-155-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-151-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-157-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-159-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-161-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-163-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-165-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-167-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-127-0x0000000005230000-0x0000000005286000-memory.dmp

      Filesize

      344KB

      Download

    • memory/4696-171-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-177-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-179-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-181-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-183-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-175-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-185-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-187-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-173-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-191-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-189-0x0000000005230000-0x000000000527F000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4696-616-0x0000000000F20000-0x0000000000F3C000-memory.dmp

      Filesize

      112KB

      Download

    • memory/4696-23-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4696-2-0x0000000005330000-0x0000000005340000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4696-1-0x00000000007F0000-0x0000000000872000-memory.dmp

      Filesize

      520KB

      Download

    • memory/4696-0-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4696-626-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4896-82-0x0000000004EF0000-0x0000000004F00000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4896-81-0x0000000004EF0000-0x0000000004F00000-memory.dmp

      Filesize

      64KB

      Download

    • memory/4896-80-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download

    • memory/4896-92-0x0000000005C40000-0x0000000005F94000-memory.dmp

      Filesize

      3.3MB

      Download

    • memory/4896-95-0x0000000074A10000-0x00000000751C0000-memory.dmp

      Filesize

      7.7MB

      Download