r77 | a0ee5664312e247585b9b1ec5744c18380a5bb8cb56e044084d52e330002ee56

Analysis

max time kernel
167s
max time network
180s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
30-12-2023 10:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

156a71da2a68110469c383da6c39c616.exe
Size

5.6MB
MD5

156a71da2a68110469c383da6c39c616
SHA1

912915419f719f8de18aa486737cfb8ad3b02ff9
SHA256

a0ee5664312e247585b9b1ec5744c18380a5bb8cb56e044084d52e330002ee56
SHA512

802d7cb717e2917de634048448fc4397b8e41a52a6d9929633dff7974e740fe6d4c50ca06b044155248bdd4ac6e634cc968fbda60ae9eb504fb0b268acb42a9c
SSDEEP

98304:npTr9Ki6iH0eOZI39nQLB3L+mQ6QgLYIyM7aam+4Q3sclQ1+g5u:ph6m0eF9nQl3L+mQ6Q/te4Q3scRgE

Score

10^/10

r77 zgrat rat rootkit

Malware Config

Signatures

Detect ZGRat V1 36 IoCs

resource	yara_rule
behavioral2/memory/4140-11-0x0000000000E70000-0x0000000000ED8000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-12-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-13-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-15-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-19-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-17-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-21-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-23-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-25-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-27-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-29-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-31-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-33-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-35-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-37-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-39-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-41-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-43-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-45-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-47-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-49-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-51-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-53-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-55-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-57-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-59-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-61-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-63-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-65-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-67-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-69-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-71-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-73-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/4140-75-0x0000000000E70000-0x0000000000ED3000-memory.dmp	family_zgrat_v1
behavioral2/memory/1092-1998-0x0000000006EC0000-0x0000000006F1C000-memory.dmp	family_zgrat_v1
behavioral2/memory/716-2370-0x000000001D000000-0x000000001D068000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
r77
r77 is an open-source, userland rootkit.
rootkit r77

r77 rootkit payload 1 IoCs

Detects the payload of the r77 rootkit.

resource	yara_rule
behavioral2/files/0x000300000001e7ff-1944.dat	r77_payload

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3073191680-435865314-2862784915-1000\Control Panel\International\Geo\Nation	156a71da2a68110469c383da6c39c616.exe

Executes dropped EXE 3 IoCs

pid	Process
1980	State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe
1092	MicrosoftSecurity.exe
716	WindowUpdate.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4140 set thread context of 3312	4140	156a71da2a68110469c383da6c39c616.exe	105

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4140	156a71da2a68110469c383da6c39c616.exe
4140	156a71da2a68110469c383da6c39c616.exe
4140	156a71da2a68110469c383da6c39c616.exe
4140	156a71da2a68110469c383da6c39c616.exe
4140	156a71da2a68110469c383da6c39c616.exe
4140	156a71da2a68110469c383da6c39c616.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	4140	156a71da2a68110469c383da6c39c616.exe
Token: SeDebugPrivilege	1980	State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe
Token: SeDebugPrivilege	1092	MicrosoftSecurity.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 4140 wrote to memory of 1904	4140	156a71da2a68110469c383da6c39c616.exe	104
PID 4140 wrote to memory of 1904	4140	156a71da2a68110469c383da6c39c616.exe	104
PID 4140 wrote to memory of 1904	4140	156a71da2a68110469c383da6c39c616.exe	104
PID 4140 wrote to memory of 3312	4140	156a71da2a68110469c383da6c39c616.exe	105
PID 4140 wrote to memory of 3312	4140	156a71da2a68110469c383da6c39c616.exe	105
PID 4140 wrote to memory of 3312	4140	156a71da2a68110469c383da6c39c616.exe	105
PID 4140 wrote to memory of 3312	4140	156a71da2a68110469c383da6c39c616.exe	105
PID 4140 wrote to memory of 3312	4140	156a71da2a68110469c383da6c39c616.exe	105
PID 4140 wrote to memory of 3312	4140	156a71da2a68110469c383da6c39c616.exe	105
PID 4140 wrote to memory of 3312	4140	156a71da2a68110469c383da6c39c616.exe	105
PID 4140 wrote to memory of 3312	4140	156a71da2a68110469c383da6c39c616.exe	105
PID 3312 wrote to memory of 1980	3312	156a71da2a68110469c383da6c39c616.exe	106
PID 3312 wrote to memory of 1980	3312	156a71da2a68110469c383da6c39c616.exe	106
PID 3312 wrote to memory of 1092	3312	156a71da2a68110469c383da6c39c616.exe	107
PID 3312 wrote to memory of 1092	3312	156a71da2a68110469c383da6c39c616.exe	107
PID 3312 wrote to memory of 1092	3312	156a71da2a68110469c383da6c39c616.exe	107
PID 3312 wrote to memory of 716	3312	156a71da2a68110469c383da6c39c616.exe	108
PID 3312 wrote to memory of 716	3312	156a71da2a68110469c383da6c39c616.exe	108

C:\Users\Admin\AppData\Local\Temp\156a71da2a68110469c383da6c39c616.exe
"C:\Users\Admin\AppData\Local\Temp\156a71da2a68110469c383da6c39c616.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4140
- C:\Users\Admin\AppData\Local\Temp\156a71da2a68110469c383da6c39c616.exe
  C:\Users\Admin\AppData\Local\Temp\156a71da2a68110469c383da6c39c616.exe
  2⤵
  PID:1904
- C:\Users\Admin\AppData\Local\Temp\156a71da2a68110469c383da6c39c616.exe
  C:\Users\Admin\AppData\Local\Temp\156a71da2a68110469c383da6c39c616.exe
  2⤵
  - Checks computer location settings
  - Suspicious use of WriteProcessMemory
  PID:3312
- - C:\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe
    "C:\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1980
- - C:\Users\Admin\AppData\Roaming\MicrosoftSecurity.exe
    "C:\Users\Admin\AppData\Roaming\MicrosoftSecurity.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:1092
- - C:\Users\Admin\AppData\Roaming\WindowUpdate.exe
    "C:\Users\Admin\AppData\Roaming\WindowUpdate.exe"
    3⤵
    - Executes dropped EXE
    PID:716

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\156a71da2a68110469c383da6c39c616.exe.log

Filesize
1KB

MD5
7ebe314bf617dc3e48b995a6c352740c

SHA1
538f643b7b30f9231a3035c448607f767527a870

SHA256
48178f884b8a4dd96e330b210b0530667d9473a7629fc6b4ad12b614bf438ee8

SHA512
0ba9d8f4244c15285e254d27b4bff7c49344ff845c48bc0bf0d8563072fab4d6f7a6abe6b6742e8375a08e9a3b3e5d5dc4937ab428dbe2dd8e62892fda04507e

Download Submit
C:\Users\Admin\AppData\Local\Temp\State of Decay 2 Juggernaut Edition v1.0-v23 Plus 19 Trainer.exe

Filesize
1.3MB

MD5
17397e278f2c4c7f0182fca6fa806b5e

SHA1
ebdfd87194d31dfe6f89b93d7043deff94bc907c

SHA256
701334e05e5acbb580abeec4a6f83a32ed431476b50e95b3549b93e21af902b1

SHA512
caeaab922e447c197809c7242e876e3eb2f196dfe5bbcd2d687b340eec221c06c7fe6cfffd80df37fac2662326611810b58b56e556ecd61244677143636d7d39

Download Submit
C:\Users\Admin\AppData\Roaming\MicrosoftSecurity.exe

Filesize
2.0MB

MD5
8004f6bc97129ac953163ac9101a0535

SHA1
c7e4e5fa9c1f47e9f068d346d79c76a18a4946aa

SHA256
b1ff218812a6be7e53cb4347f5e8bd48a7e0df1af13f8badf38c8475a720efeb

SHA512
eebe7fb078e737ab0dd7d327dcacccadafb8e938f4990add01a260b5584ab366db4d36cf9dd2fe3d95cd94e8194c8c970d7769d556a593ce0288542101835351

Download Submit
C:\Users\Admin\AppData\Roaming\MicrosoftSecurity.exe

Filesize
1.8MB

MD5
1ba14172a4dad6270d95f27548ffc81d

SHA1
a39acdb64f864b8474868891eb7deab9537fa18f

SHA256
d88012f3176adf19c323793f1b0d12b91cc8b367a0de7f47bf01afc9215872c8

SHA512
2b748cfce91c05fa0f7241c886043093a86362a0c0591215302f62009a1a71bab2e833175f67dce8f412b7a1e15fb2294b62beb5b5309d1d1563222927ba30d0

Download Submit
C:\Users\Admin\AppData\Roaming\MicrosoftSecurity.exe

Filesize
1.4MB

MD5
13c7c94236ab1687e1521bff13fdb281

SHA1
5c9758f765b85e43e8891b5bc8712150354ad7c1

SHA256
cdfd5012989cc608104c162832ecbe8853da52089a0447ba489ad94a8ed8843a

SHA512
3303929244f05f1643519fb9ff4215bdf72415d41a8b9b8070d4faf39f6785de5cfa3180c7b1f8110757722a96184c41991ecabebdc42d72fadb95f47f9ad5f6

Download Submit
C:\Users\Admin\AppData\Roaming\WindowUpdate.exe

Filesize
960KB

MD5
c4ce97e03df055ede51318c349f17df9

SHA1
f97e347679cdb648caabc5cf44f2b7e0b264fb03

SHA256
b8fd534737221a5d6e99780d3627abe1670c23b01a1ee2df567028c4e17d92cf

SHA512
8f913fcee838d58034671b584680af07bb6fde4ed62fb21d3c3694503bd575ad71df93491f3fad7b1caae28c7a8d66aeb5d1f95f4eda4847fd6c6e2cee669163

Download Submit
C:\Users\Admin\AppData\Roaming\WindowUpdate.exe

Filesize
1.8MB

MD5
a2732d764786bd2c73d0f1b3fc05095c

SHA1
7feed0a3a65459ecd0e51095c4955f8b5615f8e8

SHA256
47cbfe2cb4589a01878412ca94e210f396ddc23c8f127efc797cb07567c62fa5

SHA512
84865698c399b0737383d8ca20aca6bad29d18c1ec92e12b67d181141014584b749b8dc668850431510436487c769218167889588850fee500caec41d0daf7eb

Download Submit
C:\Users\Admin\AppData\Roaming\WindowUpdate.exe

Filesize
1.3MB

MD5
160719dde10d26315832b6403f12dc2e

SHA1
0bc36b998b5f53661e91dfa4141685514ee7f745

SHA256
daab802ca18e51d3ea5d78ec6f5d6cfa7044aa4525b3f88d27d6b500aacadf9e

SHA512
ff9ac18b43aaa09b188183f8dbf02aebc01035c26309307d53b1f5a195a67fb7e13b2b222efd19f0a30dc8cf69a3dd63b8666696d180ba0ccc1e45ba6a854937

Download Submit
memory/716-1996-0x000000001C000000-0x000000001C010000-memory.dmp

Filesize
64KB

Download
memory/716-2327-0x000000001C000000-0x000000001C010000-memory.dmp

Filesize
64KB

Download
memory/716-1992-0x00007FF9B54A0000-0x00007FF9B5F61000-memory.dmp

Filesize
10.8MB

Download
memory/716-1994-0x000000001C000000-0x000000001C010000-memory.dmp

Filesize
64KB

Download
memory/716-2370-0x000000001D000000-0x000000001D068000-memory.dmp

Filesize
416KB

Download
memory/716-1982-0x00007FF9B54A0000-0x00007FF9B5F61000-memory.dmp

Filesize
10.8MB

Download
memory/716-2332-0x000000001EAF0000-0x000000001ED4C000-memory.dmp

Filesize
2.4MB

Download
memory/716-1987-0x000000001C000000-0x000000001C010000-memory.dmp

Filesize
64KB

Download
memory/716-1977-0x00000000002C0000-0x0000000000556000-memory.dmp

Filesize
2.6MB

Download
memory/716-1985-0x000000001C000000-0x000000001C010000-memory.dmp

Filesize
64KB

Download
memory/1092-1984-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download
memory/1092-1975-0x0000000000E20000-0x0000000001062000-memory.dmp

Filesize
2.3MB

Download
memory/1092-1998-0x0000000006EC0000-0x0000000006F1C000-memory.dmp

Filesize
368KB

Download
memory/1092-1997-0x0000000006C70000-0x0000000006E78000-memory.dmp

Filesize
2.0MB

Download
memory/1092-1995-0x00000000058D0000-0x00000000058E0000-memory.dmp

Filesize
64KB

Download
memory/1092-1979-0x00000000058D0000-0x00000000058E0000-memory.dmp

Filesize
64KB

Download
memory/1092-1993-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download
memory/1092-1986-0x00000000058D0000-0x00000000058E0000-memory.dmp

Filesize
64KB

Download
memory/1092-1991-0x00000000058D0000-0x00000000058E0000-memory.dmp

Filesize
64KB

Download
memory/1980-1978-0x00007FF9B54A0000-0x00007FF9B5F61000-memory.dmp

Filesize
10.8MB

Download
memory/1980-1988-0x000001FDED810000-0x000001FDED820000-memory.dmp

Filesize
64KB

Download
memory/1980-1989-0x000001FDED810000-0x000001FDED820000-memory.dmp

Filesize
64KB

Download
memory/1980-1990-0x00007FF9B54A0000-0x00007FF9B5F61000-memory.dmp

Filesize
10.8MB

Download
memory/1980-1970-0x000001FDD4CC0000-0x000001FDD4CF2000-memory.dmp

Filesize
200KB

Download
memory/1980-1983-0x000001FDED810000-0x000001FDED820000-memory.dmp

Filesize
64KB

Download
memory/1980-1980-0x000001FDED810000-0x000001FDED820000-memory.dmp

Filesize
64KB

Download
memory/1980-1981-0x000001FDED810000-0x000001FDED820000-memory.dmp

Filesize
64KB

Download
memory/3312-1976-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download
memory/3312-1937-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download
memory/3312-1938-0x0000000005A00000-0x0000000005A08000-memory.dmp

Filesize
32KB

Download
memory/3312-1936-0x0000000000400000-0x0000000000A34000-memory.dmp

Filesize
6.2MB

Download
memory/4140-29-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-33-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-69-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-71-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-73-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-75-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-65-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-63-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-61-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-1940-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download
memory/4140-59-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-57-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-55-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-53-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-51-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-49-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-47-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-45-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-43-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-41-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-39-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-37-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-35-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-67-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-31-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-0-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download
memory/4140-27-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-25-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-23-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-21-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-17-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-19-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-15-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-13-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-12-0x0000000000E70000-0x0000000000ED3000-memory.dmp

Filesize
396KB

Download
memory/4140-11-0x0000000000E70000-0x0000000000ED8000-memory.dmp

Filesize
416KB

Download
memory/4140-10-0x0000000008700000-0x0000000008C86000-memory.dmp

Filesize
5.5MB

Download
memory/4140-9-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/4140-8-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/4140-7-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/4140-6-0x00000000057B0000-0x00000000057BA000-memory.dmp

Filesize
40KB

Download
memory/4140-5-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/4140-4-0x00000000748A0000-0x0000000075050000-memory.dmp

Filesize
7.7MB

Download
memory/4140-3-0x0000000005390000-0x0000000005422000-memory.dmp

Filesize
584KB

Download
memory/4140-2-0x0000000005940000-0x0000000005EE4000-memory.dmp

Filesize
5.6MB

Download
memory/4140-1-0x00000000003E0000-0x000000000098A000-memory.dmp

Filesize
5.7MB

Download