zgrat | d0f93d98529b19fc436ea00567f23e9e012d440669b8e728e17d8d8e20a147cd

Analysis

max time kernel
117s
max time network
118s
platform
windows7_x64
resource
win7-20231130-en
resource tags

arch:x64arch:x86image:win7-20231130-enlocale:en-usos:windows7-x64system
submitted
11/12/2023, 04:19

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Size

5KB
MD5

8b95800de56f2a64f7b7cd95e86dd589
SHA1

3a686e8fb346f6e7ad07b2fb10fea1faaed887bd
SHA256

d0f93d98529b19fc436ea00567f23e9e012d440669b8e728e17d8d8e20a147cd
SHA512

35d3e9b4a18e118e0879f09c6ce9cb17cdb7f8af37e8b55858f331755a5f8fee71939a2e25ba0e152f353d4f434ae8f82e91fcbf2f6af892af6739451724b099
SSDEEP

96:yLuDs+WNUUrytGdcsq+kdk4uo5tdf2zNt:yi3u+Ecmf4PPQ

Score

10^/10

zgrat collection persistence rat spyware stealer

Malware Config

Signatures

Detect ZGRat V1 34 IoCs

resource	yara_rule
behavioral1/memory/2172-3-0x000000001C6E0000-0x000000001C848000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-7-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-17-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-15-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-19-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-13-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-11-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-9-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-25-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-35-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-45-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-51-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-57-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-65-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-67-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-63-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-61-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-59-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-55-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-53-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-49-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-47-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-43-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-41-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-39-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-37-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-33-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-31-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-29-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-27-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-23-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-21-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-5-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1
behavioral1/memory/2172-4-0x000000001C6E0000-0x000000001C841000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Loads dropped DLL 1 IoCs

pid	Process
2280	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Accesses Microsoft Outlook profiles 1 TTPs 35 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key opened	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key opened	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key opened	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key opened	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\17.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key opened	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key opened	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\19.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key opened	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\18.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key created	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Windows\CurrentVersion\Run\GC = "C:\\Users\\Admin\\AppData\\Roaming\\GC.exe"	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2172 set thread context of 2280	2172	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe	28

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
2280	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
2280	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2172	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
Token: SeDebugPrivilege	2280	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe

Suspicious use of WriteProcessMemory 7 IoCs

description	pid	Process	procid_target
PID 2172 wrote to memory of 2280	2172	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe	28
PID 2172 wrote to memory of 2280	2172	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe	28
PID 2172 wrote to memory of 2280	2172	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe	28
PID 2172 wrote to memory of 2280	2172	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe	28
PID 2172 wrote to memory of 2280	2172	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe	28
PID 2172 wrote to memory of 2280	2172	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe	28
PID 2172 wrote to memory of 2280	2172	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe	28

outlook_office_path 1 IoCs

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Office\20.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe

outlook_win_path 1 IoCs

description	ioc	Process
Key queried	\REGISTRY\USER\S-1-5-21-2185821622-4133679102-1697169727-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676	SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe

C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
"C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2172
- C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
  C:\Users\Admin\AppData\Local\Temp\SecuriteInfo.com.Win64.TrojanX-gen.32623.1958.exe
  2⤵
  - Loads dropped DLL
  - Accesses Microsoft Outlook profiles
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - outlook_office_path
  - outlook_win_path
  PID:2280

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Uwwniqy.tmp

Filesize
36KB

MD5
ad959160c024981e11e38f3d70102df1

SHA1
342dabe112d8f7a11848a201d68104cfc12cd03e

SHA256
c27f7569d4b7d221d3f18a8214b2f4eaee6c788180ef6d4651ddc672a4c0416a

SHA512
583c20ad9dfa39f4803d6ee40959228ac38c7acdab57d6f6920e3cf786cc07ed31f287d9a7fb7c5a73f8d6caf0f36c8a0a91015d38ef6cdc3a5a30b7a92a8f41

Download Submit
memory/2172-0-0x0000000000160000-0x0000000000168000-memory.dmp

Filesize
32KB

Download
memory/2172-1-0x000007FEF5A00000-0x000007FEF63EC000-memory.dmp

Filesize
9.9MB

Download
memory/2172-2-0x000000001B2A0000-0x000000001B320000-memory.dmp

Filesize
512KB

Download
memory/2172-3-0x000000001C6E0000-0x000000001C848000-memory.dmp

Filesize
1.4MB

Download
memory/2172-7-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-17-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-15-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-19-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-13-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-11-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-9-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-25-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-35-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-45-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-51-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-57-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-65-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-67-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-63-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-61-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-59-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-55-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-53-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-49-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-47-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-43-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-41-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-39-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-37-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-33-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-31-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-29-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-27-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-23-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-21-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-5-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-4-0x000000001C6E0000-0x000000001C841000-memory.dmp

Filesize
1.4MB

Download
memory/2172-926-0x00000000003B0000-0x00000000003B1000-memory.dmp

Filesize
4KB

Download
memory/2172-928-0x00000000007A0000-0x00000000007EC000-memory.dmp

Filesize
304KB

Download
memory/2172-927-0x000000001C010000-0x000000001C110000-memory.dmp

Filesize
1024KB

Download
memory/2172-937-0x000007FEF5A00000-0x000007FEF63EC000-memory.dmp

Filesize
9.9MB

Download
memory/2280-942-0x000000001AE00000-0x000000001AF08000-memory.dmp

Filesize
1.0MB

Download
memory/2280-941-0x000000001AF60000-0x000000001AFE0000-memory.dmp

Filesize
512KB

Download
memory/2280-940-0x000007FEF5010000-0x000007FEF59FC000-memory.dmp

Filesize
9.9MB

Download
memory/2280-939-0x0000000000400000-0x00000000004E2000-memory.dmp

Filesize
904KB

Download
memory/2280-3121-0x0000000000150000-0x0000000000158000-memory.dmp

Filesize
32KB

Download
memory/2280-3122-0x000000001A6B0000-0x000000001A74E000-memory.dmp

Filesize
632KB

Download
memory/2280-3123-0x000000001B9F0000-0x000000001BC00000-memory.dmp

Filesize
2.1MB

Download
memory/2280-3128-0x000007FEF5010000-0x000007FEF59FC000-memory.dmp

Filesize
9.9MB

Download
memory/2280-3130-0x00000000021C0000-0x000000000222C000-memory.dmp

Filesize
432KB

Download
memory/2280-3129-0x000000001A990000-0x000000001AA0A000-memory.dmp

Filesize
488KB

Download
memory/2280-3133-0x0000000000780000-0x00000000007A5000-memory.dmp

Filesize
148KB

Download
memory/2280-3153-0x000007FEF5010000-0x000007FEF59FC000-memory.dmp

Filesize
9.9MB

Download