bitrat | 187c5699381bf37552882dce7593759d8ab041e916c4493341080df0de46fdea

Analysis

max time kernel
32s
max time network
105s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2024 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

415869c1ab4d22fdc26b5618672d793f.exe
Size

2.3MB
MD5

415869c1ab4d22fdc26b5618672d793f
SHA1

bbd136b9aa1fdc1d39b5eae4307b5edf97590411
SHA256

187c5699381bf37552882dce7593759d8ab041e916c4493341080df0de46fdea
SHA512

c3f8188419276982f2763e29cdfd935fc050e76cc7be2a7c7c6787a28f1c022d7e853d2109c48e8c32fdc0189107fadfc47204a9de77292e803f5157965e9536
SSDEEP

49152:LB65PDuw5ekGUTnJ0GLJE2zj9SmfONWIUAGYYnIu:LB65qDkvnJ5La2zjIkOsHxYNu

Score

10^/10

bitrat zgrat rat trojan

Malware Config

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

Detect ZGRat V1 34 IoCs

Processes:

resource	yara_rule
behavioral2/memory/3192-9-0x0000000008480000-0x00000000084EC000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-15-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-17-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-33-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-51-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-65-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-73-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-71-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-69-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-67-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-63-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-61-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-59-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-57-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-55-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-53-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-49-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-47-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-45-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-43-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-41-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-39-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-37-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-35-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-31-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-29-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-27-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-25-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-23-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-21-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-19-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-13-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-11-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1
behavioral2/memory/3192-10-0x0000000008480000-0x00000000084E6000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat
Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

415869c1ab4d22fdc26b5618672d793f.exe

description pid process

Token: SeDebugPrivilege 3192 415869c1ab4d22fdc26b5618672d793f.exe

description	pid	process
Token: SeDebugPrivilege	3192	415869c1ab4d22fdc26b5618672d793f.exe

C:\Users\Admin\AppData\Local\Temp\415869c1ab4d22fdc26b5618672d793f.exe
"C:\Users\Admin\AppData\Local\Temp\415869c1ab4d22fdc26b5618672d793f.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3192

C:\Windows\SysWOW64\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\Xiojsse.vbs"
2⤵
PID:5052

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Dpwkkvetulruhfxfjrdt11720120210713093002.pdf"
3⤵
PID:544

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
4⤵
PID:2928

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=021BF90409BFFB6FD3B5287A132EE1FE --mojo-platform-channel-handle=1732 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
5⤵
PID:4668

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B24BFBDD94EE7B7A8BD45C58F326A696 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B24BFBDD94EE7B7A8BD45C58F326A696 --renderer-client-id=2 --mojo-platform-channel-handle=1744 --allow-no-sandbox-job /prefetch:1
5⤵
PID:3464

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=2D281207B8276999744F8F1EB3DE135D --mojo-platform-channel-handle=2140 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
5⤵
PID:3404

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=F2C326556764BA87DE9BE56FD63513A9 --mojo-platform-channel-handle=1880 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
5⤵
PID:636

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=7201E061B4B218E107C66B7A676E1FC7 --mojo-platform-channel-handle=2228 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
5⤵
PID:4020

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Start-Sleep -s 5; Remove-Item -Path "C:\Users\Admin\AppData\Local\Temp\415869c1ab4d22fdc26b5618672d793f.exe" -Force
2⤵
PID:4864

C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
2⤵
PID:2828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3852

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
56KB

MD5
c26ed30e7d5ab440480838636efc41db

SHA1
c66e0d00b56abebfb60d2fcc5cf85ad31a0d6591

SHA256
6a3c5c4a8e57f77ecc22078fbf603ecc31fb82d429bd87b7b4b9261447092aef

SHA512
96cdb78bca3e01d4513c31661987e5646e6a8ff24708918aa0d66dfa3ca5d98af4862c9f38c4f41f933c345d2d3adfb1d34d1430b33f45f916f41a9872a030df

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
21KB

MD5
fb3aa2dadf53a90e82254bf319ab81f3

SHA1
f25d19739244996dc9482ae2256969421789e7c0

SHA256
48ae5032e1eea0854752e467387baee7e6cfa511437c76bb10e264792ef9098e

SHA512
81c696b88bdcc94ca8020a028443b0761e383ebf7f9fe49a2eea515e2bf27eefdfd51599ca20134c4db65a1fb81cc27047f58a2297323e67010e7b2a1fbfe017

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages
Filesize
64KB

MD5
1c390fab70f47d86948071abfa439d99

SHA1
0d9affea9c923ec6841c28bc029917fae0f0e6b8

SHA256
8ae2b7ea94f4db0386bd2d4d247fd452f8a80055c9b590d4b31c6ebda5bc9170

SHA512
493705db7ac8fc64b86af197367ac69b4c94a0d341c9d92f7819f85789cb3f9260d5459140f1d6f199a8749a9aaa4b689483f3f5bac2a09965aade4aeb42fd8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Dpwkkvetulruhfxfjrdt11720120210713093002.pdf
Filesize
9KB

MD5
0b429190e6b8c6e81914cfc61d78ec19

SHA1
b3cf0fd91d393af6a2dbac050ad2fba8e7a24aef

SHA256
caf6f141e7889d7e370856601a7685cf3a54e3509c7512d950976ac9a1fa2748

SHA512
17b911555caee635039b170d97c76157e399eb61eda2589e57dde6a8f5d73bda98d407edc7e2d155fa4690c3631a9f1e652acb14cbbca1ec6d0659314f4e05f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\InstallUtil.exe
Filesize
41KB

MD5
5d4073b2eb6d217c19f2b22f21bf8d57

SHA1
f0209900fbf08d004b886a0b3ba33ea2b0bf9da8

SHA256
ac1a3f21fcc88f9cee7bf51581eafba24cc76c924f0821deb2afdf1080ddf3d3

SHA512
9ac94880684933ba3407cdc135abc3047543436567af14cd9269c4adc5a6535db7b867d6de0d6238a21b94e69f9890dbb5739155871a624520623a7e56872159

Download Submit
C:\Users\Admin\AppData\Local\Temp\Xiojsse.vbs
Filesize
128B

MD5
40123ff191ef8dfe6f81982514b90d0d

SHA1
289590c9b25a42dbaa803645701271d03afd07d4

SHA256
fab468f099d718d9cc5c5840eaed3a85cdc1c3895465578484def07c359386c1

SHA512
d4ab9ca02cc624699a4d6006fe3c4432598bad90d0d6ce838919abce28a725effd0cf4fa88409ae30f5555fa2ad18926cfa14a3d77efaf560c94119729977d68

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_24ihajwf.omw.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
memory/2828-2276-0x0000000073890000-0x00000000738C9000-memory.dmp

Filesize
228KB

Download
memory/2828-2261-0x00000000738C0000-0x00000000738F9000-memory.dmp

Filesize
228KB

Download
memory/2828-2260-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/2828-2157-0x0000000067080000-0x00000000670B9000-memory.dmp

Filesize
228KB

Download
memory/2828-2134-0x000000006CE80000-0x000000006CEB9000-memory.dmp

Filesize
228KB

Download
memory/2828-2126-0x00000000700E0000-0x0000000070119000-memory.dmp

Filesize
228KB

Download
memory/2828-2286-0x0000000073890000-0x00000000738C9000-memory.dmp

Filesize
228KB

Download
memory/2828-2303-0x0000000073890000-0x00000000738C9000-memory.dmp

Filesize
228KB

Download
memory/2828-2320-0x0000000073890000-0x00000000738C9000-memory.dmp

Filesize
228KB

Download
memory/2828-2106-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/3192-63-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-17-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-0-0x0000000074D60000-0x0000000075510000-memory.dmp

Filesize
7.7MB

Download
memory/3192-61-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-59-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-57-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-55-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-53-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-49-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-47-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-45-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-43-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-41-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-39-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-37-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-35-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-31-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-29-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-27-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-25-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-23-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-21-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-19-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-13-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-11-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-10-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-2086-0x00000000053B0000-0x00000000053CE000-memory.dmp

Filesize
120KB

Download
memory/3192-69-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-1-0x0000000000320000-0x000000000057A000-memory.dmp

Filesize
2.4MB

Download
memory/3192-2-0x0000000005650000-0x0000000005BF4000-memory.dmp

Filesize
5.6MB

Download
memory/3192-3-0x0000000004F80000-0x0000000005012000-memory.dmp

Filesize
584KB

Download
memory/3192-4-0x0000000005150000-0x0000000005160000-memory.dmp

Filesize
64KB

Download
memory/3192-2107-0x0000000074D60000-0x0000000075510000-memory.dmp

Filesize
7.7MB

Download
memory/3192-5-0x0000000004F70000-0x0000000004F7A000-memory.dmp

Filesize
40KB

Download
memory/3192-71-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-6-0x0000000074D60000-0x0000000075510000-memory.dmp

Filesize
7.7MB

Download
memory/3192-7-0x0000000006270000-0x000000000647C000-memory.dmp

Filesize
2.0MB

Download
memory/3192-8-0x0000000006500000-0x0000000006576000-memory.dmp

Filesize
472KB

Download
memory/3192-73-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-65-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-9-0x0000000008480000-0x00000000084EC000-memory.dmp

Filesize
432KB

Download
memory/3192-51-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-15-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-67-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/3192-33-0x0000000008480000-0x00000000084E6000-memory.dmp

Filesize
408KB

Download
memory/4864-2114-0x0000000005AE0000-0x0000000005B46000-memory.dmp

Filesize
408KB

Download
memory/4864-2161-0x0000000007A30000-0x0000000007AC6000-memory.dmp

Filesize
600KB

Download
memory/4864-2122-0x0000000006810000-0x000000000685C000-memory.dmp

Filesize
304KB

Download
memory/4864-2121-0x00000000067C0000-0x00000000067DE000-memory.dmp

Filesize
120KB

Download
memory/4864-2123-0x0000000008010000-0x000000000868A000-memory.dmp

Filesize
6.5MB

Download
memory/4864-2165-0x0000000074D60000-0x0000000075510000-memory.dmp

Filesize
7.7MB

Download
memory/4864-2124-0x0000000006CC0000-0x0000000006CDA000-memory.dmp

Filesize
104KB

Download
memory/4864-2099-0x0000000005C00000-0x0000000006228000-memory.dmp

Filesize
6.2MB

Download
memory/4864-2162-0x0000000006DB0000-0x0000000006DD2000-memory.dmp

Filesize
136KB

Download
memory/4864-2120-0x00000000063C0000-0x0000000006714000-memory.dmp

Filesize
3.3MB

Download
memory/4864-2119-0x0000000006330000-0x0000000006396000-memory.dmp

Filesize
408KB

Download
memory/4864-2108-0x0000000005A00000-0x0000000005A22000-memory.dmp

Filesize
136KB

Download
memory/4864-2102-0x0000000002F30000-0x0000000002F40000-memory.dmp

Filesize
64KB

Download
memory/4864-2104-0x0000000002F30000-0x0000000002F40000-memory.dmp

Filesize
64KB

Download
memory/4864-2098-0x0000000074D60000-0x0000000075510000-memory.dmp

Filesize
7.7MB

Download
memory/4864-2094-0x0000000002E80000-0x0000000002EB6000-memory.dmp

Filesize
216KB

Download