zgrat | a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998

Analysis

max time kernel
119s
max time network
123s
platform
windows7_x64
resource
win7-20231023-en
resource tags

arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
submitted
03/12/2023, 22:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe
Size

908KB
MD5

eace63ea1948f012941dd4a9b3ac3c94
SHA1

a405bafadae7f27a3dbe108e8690034fe45b3330
SHA256

a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998
SHA512

3350590ead968dd755accf8ae017c65601953707622cc8747a4fc884be9712a3426397797203720f6aa0725ef1077093797ce44237920ccdfd0dd7be046cf024
SSDEEP

24576:emL7X62LBPsHdB3irLKfM9WCjC3NnOBk5/s0v1n3:JW2LBECUCjC5l5k0v

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V1 30 IoCs

resource	yara_rule
behavioral1/memory/1716-19-0x000000001AE50000-0x000000001AF34000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-22-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-23-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-25-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-27-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-29-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-31-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-33-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-35-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-37-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-39-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-41-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-43-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-45-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-47-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-49-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-51-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-53-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-55-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-57-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-59-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-61-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-63-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-65-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-67-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-69-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-71-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-73-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/1716-75-0x000000001AE50000-0x000000001AF30000-memory.dmp	family_zgrat_v1
behavioral1/memory/2800-2226-0x0000000000690000-0x0000000000710000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Executes dropped EXE 2 IoCs

pid	Process
836	XsdType.exe
2800	XsdType.exe

Loads dropped DLL 2 IoCs

pid	Process
2812	taskeng.exe
836	XsdType.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2116 set thread context of 1716	2116	a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe	28
PID 836 set thread context of 2800	836	XsdType.exe	34

Suspicious behavior: EnumeratesProcesses 21 IoCs

pid	Process
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe
2800	XsdType.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2116	a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe
Token: SeDebugPrivilege	1716	a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe
Token: SeDebugPrivilege	836	XsdType.exe
Token: SeDebugPrivilege	2800	XsdType.exe

Suspicious use of WriteProcessMemory 47 IoCs

description	pid	Process	procid_target
PID 2116 wrote to memory of 1716	2116	a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe	28
PID 2116 wrote to memory of 1716	2116	a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe	28
PID 2116 wrote to memory of 1716	2116	a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe	28
PID 2116 wrote to memory of 1716	2116	a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe	28
PID 2116 wrote to memory of 1716	2116	a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe	28
PID 2116 wrote to memory of 1716	2116	a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe	28
PID 2116 wrote to memory of 1716	2116	a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe	28
PID 2812 wrote to memory of 836	2812	taskeng.exe	33
PID 2812 wrote to memory of 836	2812	taskeng.exe	33
PID 2812 wrote to memory of 836	2812	taskeng.exe	33
PID 836 wrote to memory of 2800	836	XsdType.exe	34
PID 836 wrote to memory of 2800	836	XsdType.exe	34
PID 836 wrote to memory of 2800	836	XsdType.exe	34
PID 836 wrote to memory of 2800	836	XsdType.exe	34
PID 836 wrote to memory of 2800	836	XsdType.exe	34
PID 836 wrote to memory of 2800	836	XsdType.exe	34
PID 836 wrote to memory of 2800	836	XsdType.exe	34
PID 2800 wrote to memory of 2340	2800	XsdType.exe	35
PID 2800 wrote to memory of 2340	2800	XsdType.exe	35
PID 2800 wrote to memory of 2340	2800	XsdType.exe	35
PID 2800 wrote to memory of 2960	2800	XsdType.exe	36
PID 2800 wrote to memory of 2960	2800	XsdType.exe	36
PID 2800 wrote to memory of 2960	2800	XsdType.exe	36
PID 2800 wrote to memory of 2116	2800	XsdType.exe	37
PID 2800 wrote to memory of 2116	2800	XsdType.exe	37
PID 2800 wrote to memory of 2116	2800	XsdType.exe	37
PID 2800 wrote to memory of 1768	2800	XsdType.exe	38
PID 2800 wrote to memory of 1768	2800	XsdType.exe	38
PID 2800 wrote to memory of 1768	2800	XsdType.exe	38
PID 2800 wrote to memory of 2032	2800	XsdType.exe	39
PID 2800 wrote to memory of 2032	2800	XsdType.exe	39
PID 2800 wrote to memory of 2032	2800	XsdType.exe	39
PID 2800 wrote to memory of 112	2800	XsdType.exe	40
PID 2800 wrote to memory of 112	2800	XsdType.exe	40
PID 2800 wrote to memory of 112	2800	XsdType.exe	40
PID 2800 wrote to memory of 1936	2800	XsdType.exe	41
PID 2800 wrote to memory of 1936	2800	XsdType.exe	41
PID 2800 wrote to memory of 1936	2800	XsdType.exe	41
PID 2800 wrote to memory of 3008	2800	XsdType.exe	42
PID 2800 wrote to memory of 3008	2800	XsdType.exe	42
PID 2800 wrote to memory of 3008	2800	XsdType.exe	42
PID 2800 wrote to memory of 2688	2800	XsdType.exe	44
PID 2800 wrote to memory of 2688	2800	XsdType.exe	44
PID 2800 wrote to memory of 2688	2800	XsdType.exe	44
PID 2800 wrote to memory of 2320	2800	XsdType.exe	43
PID 2800 wrote to memory of 2320	2800	XsdType.exe	43
PID 2800 wrote to memory of 2320	2800	XsdType.exe	43

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe
"C:\Users\Admin\AppData\Local\Temp\a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2116
- C:\Users\Admin\AppData\Local\Temp\a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe
  C:\Users\Admin\AppData\Local\Temp\a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998.exe
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:1716

C:\Windows\system32\taskeng.exe
taskeng.exe {0B6F4779-BF62-4739-B737-49B09F3E933B} S-1-5-21-2085049433-1067986815-1244098655-1000:AHLBRYJO\Admin:Interactive:[1]
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2812
- C:\Users\Admin\AppData\Local\Opcode\aaxuoodan\XsdType.exe
  C:\Users\Admin\AppData\Local\Opcode\aaxuoodan\XsdType.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:836
- - C:\Users\Admin\AppData\Local\Opcode\aaxuoodan\XsdType.exe
    C:\Users\Admin\AppData\Local\Opcode\aaxuoodan\XsdType.exe
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2800
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      4⤵
      PID:2340
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      4⤵
      PID:2960
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      4⤵
      PID:2116
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      4⤵
      PID:1768
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      4⤵
      PID:2032
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      4⤵
      PID:112
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      4⤵
      PID:1936
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      4⤵
      PID:3008
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      4⤵
      PID:2320
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe
      4⤵
      PID:2688

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Opcode\aaxuoodan\XsdType.exe

Filesize
908KB

MD5
eace63ea1948f012941dd4a9b3ac3c94

SHA1
a405bafadae7f27a3dbe108e8690034fe45b3330

SHA256
a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998

SHA512
3350590ead968dd755accf8ae017c65601953707622cc8747a4fc884be9712a3426397797203720f6aa0725ef1077093797ce44237920ccdfd0dd7be046cf024

Download Submit
C:\Users\Admin\AppData\Local\Opcode\aaxuoodan\XsdType.exe

Filesize
908KB

MD5
eace63ea1948f012941dd4a9b3ac3c94

SHA1
a405bafadae7f27a3dbe108e8690034fe45b3330

SHA256
a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998

SHA512
3350590ead968dd755accf8ae017c65601953707622cc8747a4fc884be9712a3426397797203720f6aa0725ef1077093797ce44237920ccdfd0dd7be046cf024

Download Submit
C:\Users\Admin\AppData\Local\Opcode\aaxuoodan\XsdType.exe

Filesize
908KB

MD5
eace63ea1948f012941dd4a9b3ac3c94

SHA1
a405bafadae7f27a3dbe108e8690034fe45b3330

SHA256
a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998

SHA512
3350590ead968dd755accf8ae017c65601953707622cc8747a4fc884be9712a3426397797203720f6aa0725ef1077093797ce44237920ccdfd0dd7be046cf024

Download Submit
\Users\Admin\AppData\Local\Opcode\aaxuoodan\XsdType.exe

Filesize
908KB

MD5
eace63ea1948f012941dd4a9b3ac3c94

SHA1
a405bafadae7f27a3dbe108e8690034fe45b3330

SHA256
a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998

SHA512
3350590ead968dd755accf8ae017c65601953707622cc8747a4fc884be9712a3426397797203720f6aa0725ef1077093797ce44237920ccdfd0dd7be046cf024

Download Submit
\Users\Admin\AppData\Local\Opcode\aaxuoodan\XsdType.exe

Filesize
908KB

MD5
eace63ea1948f012941dd4a9b3ac3c94

SHA1
a405bafadae7f27a3dbe108e8690034fe45b3330

SHA256
a481b300f1cf5ec873245d16c0e0fdfc18f681cf2ee682b23d47dd0b122c4998

SHA512
3350590ead968dd755accf8ae017c65601953707622cc8747a4fc884be9712a3426397797203720f6aa0725ef1077093797ce44237920ccdfd0dd7be046cf024

Download Submit
memory/836-2224-0x000007FEF51A0000-0x000007FEF5B8C000-memory.dmp

Filesize
9.9MB

Download
memory/836-2213-0x000000001ADF0000-0x000000001AE70000-memory.dmp

Filesize
512KB

Download
memory/836-2212-0x0000000000A50000-0x0000000000B38000-memory.dmp

Filesize
928KB

Download
memory/836-2211-0x000007FEF51A0000-0x000007FEF5B8C000-memory.dmp

Filesize
9.9MB

Download
memory/1716-47-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-59-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-10-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/1716-12-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/1716-13-0x000007FFFFFDF000-0x000007FFFFFE0000-memory.dmp

Filesize
4KB

Download
memory/1716-20-0x000007FEF55A0000-0x000007FEF5F8C000-memory.dmp

Filesize
9.9MB

Download
memory/1716-19-0x000000001AE50000-0x000000001AF34000-memory.dmp

Filesize
912KB

Download
memory/1716-21-0x000000001B020000-0x000000001B0A0000-memory.dmp

Filesize
512KB

Download
memory/1716-22-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-23-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-25-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-27-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-29-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-31-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-33-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-35-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-37-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-39-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-41-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-43-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-45-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-8-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/1716-49-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-51-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-53-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-55-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-57-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-15-0x0000000000400000-0x00000000004AA000-memory.dmp

Filesize
680KB

Download
memory/1716-61-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-63-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-65-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-67-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-69-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-71-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-73-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-75-0x000000001AE50000-0x000000001AF30000-memory.dmp

Filesize
896KB

Download
memory/1716-2202-0x0000000000350000-0x0000000000358000-memory.dmp

Filesize
32KB

Download
memory/1716-2203-0x00000000005B0000-0x0000000000606000-memory.dmp

Filesize
344KB

Download
memory/1716-2204-0x0000000000830000-0x0000000000884000-memory.dmp

Filesize
336KB

Download
memory/1716-2206-0x000007FEF55A0000-0x000007FEF5F8C000-memory.dmp

Filesize
9.9MB

Download
memory/2116-18-0x000007FEF55A0000-0x000007FEF5F8C000-memory.dmp

Filesize
9.9MB

Download
memory/2116-7-0x0000000000510000-0x000000000055C000-memory.dmp

Filesize
304KB

Download
memory/2116-2-0x000000001ADB0000-0x000000001AE30000-memory.dmp

Filesize
512KB

Download
memory/2116-1-0x000007FEF55A0000-0x000007FEF5F8C000-memory.dmp

Filesize
9.9MB

Download
memory/2116-0-0x0000000001300000-0x00000000013E8000-memory.dmp

Filesize
928KB

Download
memory/2116-5-0x000000001B410000-0x000000001B4D8000-memory.dmp

Filesize
800KB

Download
memory/2116-6-0x000000001B4E0000-0x000000001B5A8000-memory.dmp

Filesize
800KB

Download
memory/2116-4-0x000000001B210000-0x000000001B2F0000-memory.dmp

Filesize
896KB

Download
memory/2116-3-0x0000000000650000-0x000000000072E000-memory.dmp

Filesize
888KB

Download
memory/2800-4408-0x0000000000690000-0x0000000000710000-memory.dmp

Filesize
512KB

Download
memory/2800-2226-0x0000000000690000-0x0000000000710000-memory.dmp

Filesize
512KB

Download
memory/2800-4407-0x000007FEF51A0000-0x000007FEF5B8C000-memory.dmp

Filesize
9.9MB

Download
memory/2800-2225-0x000007FEF51A0000-0x000007FEF5B8C000-memory.dmp

Filesize
9.9MB

Download
memory/2800-4409-0x000007FEF51A0000-0x000007FEF5B8C000-memory.dmp

Filesize
9.9MB

Download