zgrat | e10ea81c37adf8e2d4d37fd1a7220318c7a83233b6abf4a79a12c756d3a3dc44

Analysis

max time kernel
149s
max time network
119s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 03:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe
Size

1.9MB
MD5

3fc4f59e7aa2ac0a1bffbc8d2e4d29dc
SHA1

b4ec80627dea1ce0cf48180ead2647c1e59a11f4
SHA256

e10ea81c37adf8e2d4d37fd1a7220318c7a83233b6abf4a79a12c756d3a3dc44
SHA512

c6f6dc178c563aa794f437ae72b2999695a98e97605dee9de4f053bf5b4e4838b1029377c35b6eb4b161f29834b78578c08a27f0455e4dc8bc1bfa24bb91fb97
SSDEEP

49152:3zjhkfO9FWUoQeoUwpicHo3vqAoPyoZxKIBBh7rN:3Xyf/YBYcI3vqThOAl

Score

10^/10

zgrat persistence rat

Malware Config

Signatures

Detect ZGRat V1 32 IoCs

Processes:

resource	yara_rule
behavioral2/memory/4796-126-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-138-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-156-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-164-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-166-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-170-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-174-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-176-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-180-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-182-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-178-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-172-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-168-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-162-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-160-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-158-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-154-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-152-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-150-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-148-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-146-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-144-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-142-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-140-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-136-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-134-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-132-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-130-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-128-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-124-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-122-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1
behavioral2/memory/4796-121-0x0000000006CF0000-0x0000000006D6C000-memory.dmp	family_zgrat_v1

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

Processes:

regasm.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "explorer.exe,\"C:\\Users\\Admin\\AppData\\Roaming\\stream.exe\","	regasm.exe

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-3791175113-1062217823-1177695025-1000\Control Panel\International\Geo\Nation	3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe

Executes dropped EXE 3 IoCs

Processes:

Anyname.exeMSBuild.exeMSBuild.exe

pid process

3256 Anyname.exe
2196 MSBuild.exe
264 MSBuild.exe
Unexpected DNS network traffic destination 2 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes:

description ioc

Destination IP 185.141.152.26
Destination IP 185.141.152.26

pid	process
3256	Anyname.exe
2196	MSBuild.exe
264	MSBuild.exe

description	ioc
Destination IP	185.141.152.26
Destination IP	185.141.152.26

Suspicious use of SetThreadContext 2 IoCs

Processes:

3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exeregasm.exe

description	pid	process	target process
PID 216 set thread context of 4796	216	3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe	regasm.exe
PID 4796 set thread context of 264	4796	regasm.exe	MSBuild.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

regasm.exe

pid process

4796 regasm.exe
4796 regasm.exe
4796 regasm.exe
4796 regasm.exe
4796 regasm.exe
4796 regasm.exe
Suspicious behavior: MapViewOfSection 1 IoCs

Processes:

3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe

pid process

216 3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe

pid	process
4796	regasm.exe
4796	regasm.exe
4796	regasm.exe
4796	regasm.exe
4796	regasm.exe
4796	regasm.exe

pid	process
216	3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

Processes:

AUDIODG.EXEregasm.exeMSBuild.exe

description	pid	process
Token: 33	4808	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4808	AUDIODG.EXE
Token: SeDebugPrivilege	4796	regasm.exe
Token: SeShutdownPrivilege	264	MSBuild.exe
Token: SeCreatePagefilePrivilege	264	MSBuild.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe

pid process

216 3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe

pid	process
216	3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe

Suspicious use of WriteProcessMemory 17 IoCs

Processes:

3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exeregasm.exe

description	pid	process	target process
PID 216 wrote to memory of 3256	216	3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe	Anyname.exe
PID 216 wrote to memory of 3256	216	3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe	Anyname.exe
PID 216 wrote to memory of 3256	216	3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe	Anyname.exe
PID 216 wrote to memory of 4796	216	3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe	regasm.exe
PID 216 wrote to memory of 4796	216	3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe	regasm.exe
PID 216 wrote to memory of 4796	216	3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe	regasm.exe
PID 216 wrote to memory of 4796	216	3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe	regasm.exe
PID 4796 wrote to memory of 2196	4796	regasm.exe	MSBuild.exe
PID 4796 wrote to memory of 2196	4796	regasm.exe	MSBuild.exe
PID 4796 wrote to memory of 2196	4796	regasm.exe	MSBuild.exe
PID 4796 wrote to memory of 264	4796	regasm.exe	MSBuild.exe
PID 4796 wrote to memory of 264	4796	regasm.exe	MSBuild.exe
PID 4796 wrote to memory of 264	4796	regasm.exe	MSBuild.exe
PID 4796 wrote to memory of 264	4796	regasm.exe	MSBuild.exe
PID 4796 wrote to memory of 264	4796	regasm.exe	MSBuild.exe
PID 4796 wrote to memory of 264	4796	regasm.exe	MSBuild.exe
PID 4796 wrote to memory of 264	4796	regasm.exe	MSBuild.exe

C:\Users\Admin\AppData\Local\Temp\3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe
"C:\Users\Admin\AppData\Local\Temp\3fc4f59e7aa2ac0a1bffbc8d2e4d29dc.exe"
1⤵
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:216
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
  2⤵
  - Modifies WinLogon for persistence
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:4796
- - C:\Users\Admin\AppData\Local\Temp\MSBuild.exe
    C:\Users\Admin\AppData\Local\Temp\MSBuild.exe
    3⤵
    - Executes dropped EXE
    PID:2196
- - C:\Users\Admin\AppData\Local\Temp\MSBuild.exe
    C:\Users\Admin\AppData\Local\Temp\MSBuild.exe
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    PID:264
- C:\ProgramData\Anyname.exe
  "C:\ProgramData\Anyname.exe"
  2⤵
  - Executes dropped EXE
  PID:3256

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f4 0x4bc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4808

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Winlogon Helper DLL

T1547.004

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\MSBuild.exe

Filesize
256KB

MD5
8fdf47e0ff70c40ed3a17014aeea4232

SHA1
e6256a0159688f0560b015da4d967f41cbf8c9bd

SHA256
ed9884bac608c06b7057037cc91d90e4ae5f74dd2dbce2af476699c6d4492d82

SHA512
bd69d092ed4f9c5e1f24eaf5ec79fb316469d53849dc798fae0fcba5e90869b77ee924c23cc6f692198ff25827ab60ad47bb46cadd6e0aadde7731cbafb013be

Download Submit
C:\Users\Admin\AppData\Local\Temp\MSBuild.exe

Filesize
92KB

MD5
eedd508f167fd443162d792d3ea94b63

SHA1
da2e82f7f77e10f7d0ed24f9278aa2269c84024d

SHA256
51816d2c4e922aca0ae7de70e327b86846528af160829f98bc1f47a9a23d1738

SHA512
b6283d19260edbc4b6d0c79d6e02036f938ecc3887a78529eb8981c6671dbfa09494942629683fbb5d2fe3e539c991f6bf53469a709e76b21f40a6425ac5c9fc

Download Submit
memory/216-107-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-37-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-32-0x0000000000400000-0x00000000005E3000-memory.dmp

Filesize
1.9MB

Download
memory/216-36-0x0000000000400000-0x00000000005E3000-memory.dmp

Filesize
1.9MB

Download
memory/216-105-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-42-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-48-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-52-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-56-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-63-0x0000000000400000-0x00000000005E3000-memory.dmp

Filesize
1.9MB

Download
memory/216-69-0x0000000000400000-0x00000000005E3000-memory.dmp

Filesize
1.9MB

Download
memory/216-72-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-76-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-81-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-86-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-94-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-96-0x0000000000400000-0x00000000005E3000-memory.dmp

Filesize
1.9MB

Download
memory/216-14-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-18-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-108-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-110-0x00000000039C0000-0x00000000039C8000-memory.dmp

Filesize
32KB

Download
memory/216-11-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-20-0x0000000000400000-0x00000000005E3000-memory.dmp

Filesize
1.9MB

Download
memory/216-12-0x0000000075520000-0x000000007567D000-memory.dmp

Filesize
1.4MB

Download
memory/216-16-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-2-0x00000000778D2000-0x00000000778D3000-memory.dmp

Filesize
4KB

Download
memory/216-109-0x0000000000400000-0x00000000005E3000-memory.dmp

Filesize
1.9MB

Download
memory/216-106-0x0000000075520000-0x000000007567D000-memory.dmp

Filesize
1.4MB

Download
memory/216-22-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-26-0x0000000000400000-0x00000000005E3000-memory.dmp

Filesize
1.9MB

Download
memory/216-24-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-10-0x00000000023B0000-0x00000000023B1000-memory.dmp

Filesize
4KB

Download
memory/216-28-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-92-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-82-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-79-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-78-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-77-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-75-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-74-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-73-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-71-0x0000000000400000-0x00000000005E3000-memory.dmp

Filesize
1.9MB

Download
memory/216-70-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-67-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-66-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-65-0x0000000000400000-0x00000000005E3000-memory.dmp

Filesize
1.9MB

Download
memory/216-60-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-58-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-54-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-50-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-46-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-44-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-40-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-34-0x0000000000730000-0x0000000000830000-memory.dmp

Filesize
1024KB

Download
memory/216-30-0x0000000000400000-0x00000000005E3000-memory.dmp

Filesize
1.9MB

Download
memory/3256-99-0x0000000000490000-0x00000000004C3000-memory.dmp

Filesize
204KB

Download
memory/3256-102-0x0000000005430000-0x00000000059D4000-memory.dmp

Filesize
5.6MB

Download
memory/3256-114-0x0000000004E90000-0x0000000004E9A000-memory.dmp

Filesize
40KB

Download
memory/3256-104-0x0000000004F20000-0x0000000004FB2000-memory.dmp

Filesize
584KB

Download
memory/3256-101-0x0000000073880000-0x0000000074030000-memory.dmp

Filesize
7.7MB

Download
memory/4796-113-0x00000000011B0000-0x00000000011B1000-memory.dmp

Filesize
4KB

Download
memory/4796-100-0x0000000000400000-0x000000000057B000-memory.dmp

Filesize
1.5MB

Download
memory/4796-112-0x0000000000400000-0x0000000000576000-memory.dmp

Filesize
1.5MB

Download
memory/4796-126-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-138-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-156-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-164-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-166-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-170-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-174-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-176-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-180-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-182-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-178-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-172-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-168-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-162-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-160-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-158-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-154-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-152-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-150-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-148-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-146-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-144-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-142-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-140-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-136-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-134-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-132-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-130-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-128-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-124-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-122-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-121-0x0000000006CF0000-0x0000000006D6C000-memory.dmp

Filesize
496KB

Download
memory/4796-111-0x00000000778D2000-0x00000000778D3000-memory.dmp

Filesize
4KB

Download
memory/4796-115-0x0000000073880000-0x0000000074030000-memory.dmp

Filesize
7.7MB

Download