bitrat | e386c831df697e516fedcab1ad8a879ae057a5f4f321a873dcd31e9c6760009e

Analysis

max time kernel
169s
max time network
167s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
04-01-2024 18:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

41965fc5d071ce4b42bba9b7c486f784.exe
Size

4.9MB
MD5

41965fc5d071ce4b42bba9b7c486f784
SHA1

e1c90feba42abe5c4ae88d86ae75e021f55afb0b
SHA256

e386c831df697e516fedcab1ad8a879ae057a5f4f321a873dcd31e9c6760009e
SHA512

7ccc5337e0ef03eec69d950af1bf698a53f324e176a8fd05cfb4dc978774663de60637f10f00db4976596867612889d335a7b2b4ffa0a3caf68354c34d4515d9
SSDEEP

49152:36PaeNTtXgpSTeCrkJ9rV/FZjRrZHFqtgJIHiSynJpwjIcOJFSNTUyzL41:kagT+4TaWTUF

Score

10^/10

bitrat zgrat rat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

firewall.publicvm.com:25874

Attributes

communication_password
a20ba4fb329f7dc66c0dd3562e9f9984
tor_process
tor

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

Detect ZGRat V1 34 IoCs

resource	yara_rule
behavioral1/memory/2732-57-0x0000000002000000-0x000000000206C000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-58-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-59-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-61-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-75-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-77-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-81-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-85-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-87-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-83-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-91-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-95-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-97-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-99-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-101-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-93-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-103-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-105-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-109-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-113-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-121-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-119-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-117-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-115-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-111-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-107-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-89-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-79-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-73-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-71-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-69-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-67-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-65-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1
behavioral1/memory/2732-63-0x0000000002000000-0x0000000002066000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Executes dropped EXE 3 IoCs

pid	Process
2732	System.pif
1544	BF1PureCracker0.exe
2276	RegAsm.exe

Loads dropped DLL 8 IoCs

pid	Process
2368	41965fc5d071ce4b42bba9b7c486f784.exe
2368	41965fc5d071ce4b42bba9b7c486f784.exe
2368	41965fc5d071ce4b42bba9b7c486f784.exe
2368	41965fc5d071ce4b42bba9b7c486f784.exe
2368	41965fc5d071ce4b42bba9b7c486f784.exe
2652	Process not Found
2732	System.pif
2276	RegAsm.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
2276	RegAsm.exe
2276	RegAsm.exe
2276	RegAsm.exe
2276	RegAsm.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2732 set thread context of 2276	2732	System.pif	35

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2732	System.pif
2732	System.pif
1816	powershell.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	2732	System.pif
Token: SeDebugPrivilege	1816	powershell.exe
Token: SeDebugPrivilege	2276	RegAsm.exe
Token: SeShutdownPrivilege	2276	RegAsm.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2276	RegAsm.exe
2276	RegAsm.exe

Suspicious use of WriteProcessMemory 31 IoCs

description	pid	Process	procid_target
PID 2368 wrote to memory of 2732	2368	41965fc5d071ce4b42bba9b7c486f784.exe	27
PID 2368 wrote to memory of 2732	2368	41965fc5d071ce4b42bba9b7c486f784.exe	27
PID 2368 wrote to memory of 2732	2368	41965fc5d071ce4b42bba9b7c486f784.exe	27
PID 2368 wrote to memory of 2732	2368	41965fc5d071ce4b42bba9b7c486f784.exe	27
PID 2368 wrote to memory of 1544	2368	41965fc5d071ce4b42bba9b7c486f784.exe	28
PID 2368 wrote to memory of 1544	2368	41965fc5d071ce4b42bba9b7c486f784.exe	28
PID 2368 wrote to memory of 1544	2368	41965fc5d071ce4b42bba9b7c486f784.exe	28
PID 2368 wrote to memory of 1544	2368	41965fc5d071ce4b42bba9b7c486f784.exe	28
PID 2732 wrote to memory of 1948	2732	System.pif	32
PID 2732 wrote to memory of 1948	2732	System.pif	32
PID 2732 wrote to memory of 1948	2732	System.pif	32
PID 2732 wrote to memory of 1948	2732	System.pif	32
PID 1948 wrote to memory of 1816	1948	WScript.exe	34
PID 1948 wrote to memory of 1816	1948	WScript.exe	34
PID 1948 wrote to memory of 1816	1948	WScript.exe	34
PID 1948 wrote to memory of 1816	1948	WScript.exe	34
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35
PID 2732 wrote to memory of 2276	2732	System.pif	35

C:\Users\Admin\AppData\Local\Temp\41965fc5d071ce4b42bba9b7c486f784.exe
"C:\Users\Admin\AppData\Local\Temp\41965fc5d071ce4b42bba9b7c486f784.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2368
- C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\System.pif
  "C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\System.pif"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2732
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\_Nakikvvyglg.vbs"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:1948
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionPath C:\,'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NVIDIA\nvcontainer.exe'
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1816
- - C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
    C:\Users\Admin\AppData\Local\Temp\RegAsm.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2276
- C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe
  "C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe"
  2⤵
  - Executes dropped EXE
  PID:1544

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe

Filesize
323KB

MD5
1dbed07932a92fe69594072cef433423

SHA1
0c5a7b72be30165e5282c9b23f2c39ce6c565200

SHA256
dce38eae8e6a921e1831c18a1907fa1969230c35ccedfa73c4aac162872fd928

SHA512
a7c19b373efdccab6c454a82f4f418e93ed6c0421cc1679b61e583451b9d7688fded2efc1133b62d88f8215fc43abec53a4c7b1b9b1aeceb064524d2426524a9

Download Submit
C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe

Filesize
246KB

MD5
4a4a0b2f651ac53e57a3e526a1e5b85c

SHA1
b2e6e8d03514d6556789cfad8ea578ff310cb7d0

SHA256
27d8452541ef131e6dd87cfe7e8befe1703db4f3b6c655d61c751a1c118144ed

SHA512
038bc14e09eb3cf4a0c2bc7042898837ca59bf7590a245dc222e6dfd0bd3530e0a395e9e0073fcaa6852dfac9a540d638016dd31456da2d10a700c02f9a75021

Download Submit
C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe

Filesize
216KB

MD5
4f79e3432971d12ecdb7505fedbf687d

SHA1
a17abfc16d91abee714d77cc8b37fb236d2e5b4d

SHA256
d623666826aac49a94b3bde97dffbc5c015661a8ac5059bd379bfd37fe0326f8

SHA512
ba36bbc8fe8b012aab9343c390439f2911b0140ed9bbcf7ca7c0b221da874e7aab0775651288cbc6aaeb8eb95e11d8bab7377faaeb8682bcb8a6de6456b0e550

Download Submit
C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\SharpDX.Direct2D1.dll

Filesize
470KB

MD5
19f8591a6baa83af46de41f20224b6f1

SHA1
c736799e1936cec37acbf66fdf1df96f4679562f

SHA256
a94e2f3c206351503f6c4002585af270880854b4b97b730ea51764ef23b5ba79

SHA512
db4798af16452ce7c0e47f59692e1643d2639b0744075b78bb9dc33dbf7de78392bb21f28529b091d54ed0a2185add12f38c256bcb3ba97d34a050e29a19617e

Download Submit
C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\SharpDX.Mathematics.dll

Filesize
216KB

MD5
d30f6fb490a820dcdd9c7da971036393

SHA1
177b1b912fb09efacce8bae24fca35ea514f131b

SHA256
be2fe214f8a1515824b523ac85f25c8856370d4ffd90cd22dd78c079f5ea803b

SHA512
332508c32d6c5baf16da59c619fb4b55dfdfccea667582d02ccf72e88d0ddc0acaa2df97adba038bbada9d839145a6cd76c4a7ced5346256d868b3bd548d82e2

Download Submit
C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\SharpDX.dll

Filesize
260KB

MD5
6fabeaa1c8ea15e787f2e3b487ab434d

SHA1
c2091f69192903676ed6b181bbf8346b819c43a2

SHA256
28437b8f6036224b187f6ec324af9cd8f20dc5e363b0341f86869e4172f07909

SHA512
076bccbb7ddd4bb7b785bc70dfcaa920c080af30172ce1dcc49594a96f96133d0322db73362c47d8b4d2afa69e0ee0c78a3b423aa4886478080529f864bf1739

Download Submit
C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\System.pif

Filesize
373KB

MD5
62bb6c387e0ac09f6499abc72a8436a5

SHA1
86e01467113a2d745fccfaed3cf420f032b48cd6

SHA256
788bc3d291971d53f05dcc60792aa8ba57fbaa8b7f13b2b52528cf305f28af52

SHA512
8591f1effcd0ecd913fc892d9eb2b4305c19d9a3998d54b8a403f7ddc25520d1d53f9751d2669a425e33cc0cba5689b09a76adb7ec69a6b6c84c4bfd3a835417

Download Submit
C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\System.pif

Filesize
204KB

MD5
d1c3ccd35b91c88221dacaf2df2463af

SHA1
7bee8b1a95aad5117edef7f17ba6a8c4ceab2527

SHA256
dd2f579cf95e2676523efa017e8dc365fa4b5196e408796163d4fc08009426f1

SHA512
a35a0b064016c1e7764c8e789518c0422cf3a0038f269df43195169d13760dc0417e7208d7cac5b98d2f6763da655c07939777e7dd005bf7936313709098398d

Download Submit
C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\System.pif

Filesize
288KB

MD5
897e81d74f49a79b49db5ec4c0258f78

SHA1
53889d25040b1793ba3b7cc50a8cd5979f6c8b27

SHA256
afb54cbd186f57d6db76edb0e4d1ac80b1f878986645c0e1ebc9b0c6cd372c44

SHA512
108c3dc6dedc64eddf85b629d19014415f67e6645243f69b77e0538276862ad7277a55d69594adf7df5b0ddedd101a8f05b97464cb6eef29c3844591626df4f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\RegAsm.exe

Filesize
44KB

MD5
6bb2db270a32b1a9ce30bdda9f7dc8a6

SHA1
b013fb715436b117588c6515826f6ced5829d4d4

SHA256
304e5bc6a31e8db2c4e82c94e08c351dcdf19d02a4b0c275204a884527dae56f

SHA512
84cf07e22f0fcf6d8c179d15d6e8b3105999a25c1fa3d50963879e89b17e7743611b95c19435cc113a38a8e1991229ed5df0bd98fe306a09c3d4205dfac082dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_Nakikvvyglg.vbs

Filesize
186B

MD5
0d6555dc02c45b1e49ac39075c65cebe

SHA1
2fb0e4464b16db957a06353e14345e0f5a5ba4be

SHA256
368760bf74c0fc525b30d96118bef07fe2cdd1a20373e04151be5a95e6afbe8f

SHA512
775cf89738b1ad02a1aefad53a632e576f9037c3da7adab83c63474716ad4352fc100f85c6045fe725ed04eb003a3afc52b4f809f30e6efe6c31bd59a1b77cd9

Download Submit
\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe

Filesize
274KB

MD5
19e71eea8c9f80af54b82693902fe801

SHA1
6a8940596e96dfc47618713feec2d061ccd76264

SHA256
948be482d66cf8cbf326c6103098a9d6b120222577c4f207d63bccbcda3f9205

SHA512
06fb1403be185aa523a4f4acd758d1871074fa9d7e53fb13e16ff038b138e8541540e689efcf936a6369382f850bfabc398c50ebdbc95d0638669b1567f9388f

Download Submit
\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe

Filesize
189KB

MD5
d3231d3a03fa7633e1e875529e31bcc7

SHA1
4f04645533e6bfa9104b3583c5b7b24a256b1d45

SHA256
af223e24bf154b92777073ecf0d735dbc348dc1654bbe6ec6ff4943944b84ab5

SHA512
cf94db8ef529415957e5f9f2a67104f4465dd767f3652ac1bbb94472493c53762de0821e819f24d18a4f273d2837f34a3def29a3db1cdf3f7de1cc30e44582f6

Download Submit
\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\System.pif

Filesize
308KB

MD5
34807e27e2772be32b3cca23495aedc2

SHA1
549a963b15808ca697ee578a975baec7ddd8c524

SHA256
8bcaf77aea4c579780773ef789db6f4ec703f9b66ceddaf12bffb74e044022e8

SHA512
6622d7e420ade554f4768154d795a866fc79f564576e9154e8cce3e8084a4d617dc75cb9b9ae6c7593a9fa92c0b58aac46e56d6652b4343d68e10c8b0482bfb3

Download Submit
\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\System.pif

Filesize
223KB

MD5
af9fb2f0dc26092eaa1f1e129786b082

SHA1
7e8c6fd7e44f3332406533da22431aea397f331f

SHA256
2cd28d2f85702ee3b813a91590556ab4fcd67f86d16271d6c3d065aafddec30f

SHA512
c9aa4a7a35699a8c196028f0d8cd064daaea7d08ff7f9333fa12fe333b1e1cedbb691c17c6294babc6d00d422bbf35df043c16aaf8164d726a56c9631010e419

Download Submit
\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\System.pif

Filesize
187KB

MD5
eeb48cb7a10641d9d9d744b15bf3adf8

SHA1
6f5754ba9a786b400cd7c40ec8384fb2de72ce9d

SHA256
0d79df0cddb7d24aa18e5b4ec3fe8cec70e0e45b14b7eca85c8d07738ce1fe73

SHA512
0c69d31bb1cc2af6cff28399b8085ecf52c2112063f479b563e2d3e0f89f054fb3084ef44928ebde2647b84b91a8061ac3b0ae8669f7c5fb3b0db181c33ca715

Download Submit
\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\System.pif

Filesize
301KB

MD5
be6cd2e92a9c8b06752bb131f020890f

SHA1
6b678e0f873a30bf46215f971f472ba2f5bb8f28

SHA256
112d16bd2c8cd5bd937ab608bd239b83c6c7822e3f1f61ecfb332d3150601ec4

SHA512
9bd49f9cdfb0ba69c87c4f814103e487f53be93ba013c40a82e5676fda587dfa1cf62b2076fd9297818e4b1e6e2991b2c22ae06e6e4e915d309edea9bbe6d720

Download Submit
\Users\Admin\AppData\Local\Temp\RegAsm.exe

Filesize
63KB

MD5
b58b926c3574d28d5b7fdd2ca3ec30d5

SHA1
d260c4ffd603a9cfc057fcb83d678b1cecdf86f9

SHA256
6e70b56d748c4ccab13cc8a055d3795ea0dd95fe3b70568d7d3ac0c6621140a3

SHA512
b13cb998822b716b695013bcd6dec62a2290567d0d1743b2d982ca084235cf69c6ea1fc91c9d4e62657c6f9e102c7c60e81296ab055ffe43b887c5f8ec8958ab

Download Submit
memory/1544-52-0x000007FEF5950000-0x000007FEF633C000-memory.dmp

Filesize
9.9MB

Download
memory/1544-41-0x0000000000160000-0x0000000000178000-memory.dmp

Filesize
96KB

Download
memory/1544-46-0x0000000000180000-0x000000000018A000-memory.dmp

Filesize
40KB

Download
memory/1544-48-0x000000001AB80000-0x000000001ABC8000-memory.dmp

Filesize
288KB

Download
memory/1544-42-0x000000001BB50000-0x000000001BBD0000-memory.dmp

Filesize
512KB

Download
memory/1544-45-0x0000000002100000-0x000000000217C000-memory.dmp

Filesize
496KB

Download
memory/1544-50-0x000000001AAC0000-0x000000001AAFC000-memory.dmp

Filesize
240KB

Download
memory/1544-40-0x000007FEF5950000-0x000007FEF633C000-memory.dmp

Filesize
9.9MB

Download
memory/1544-39-0x000000013F500000-0x000000013F566000-memory.dmp

Filesize
408KB

Download
memory/1544-53-0x000000001BB50000-0x000000001BBD0000-memory.dmp

Filesize
512KB

Download
memory/1816-2019-0x000000006F640000-0x000000006FBEB000-memory.dmp

Filesize
5.7MB

Download
memory/1816-2020-0x0000000002140000-0x0000000002180000-memory.dmp

Filesize
256KB

Download
memory/1816-2021-0x0000000002140000-0x0000000002180000-memory.dmp

Filesize
256KB

Download
memory/1816-2018-0x000000006F640000-0x000000006FBEB000-memory.dmp

Filesize
5.7MB

Download
memory/1816-2024-0x000000006F640000-0x000000006FBEB000-memory.dmp

Filesize
5.7MB

Download
memory/1816-2023-0x0000000002140000-0x0000000002180000-memory.dmp

Filesize
256KB

Download
memory/2276-2022-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/2276-2033-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/2732-81-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-107-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-75-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-85-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-87-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-83-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-91-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-95-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-97-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-99-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-101-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-93-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-103-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-105-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-109-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-113-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-121-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-119-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-117-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-115-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-111-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-77-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-89-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-79-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-73-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-71-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-69-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-67-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-65-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-63-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-61-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-59-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-58-0x0000000002000000-0x0000000002066000-memory.dmp

Filesize
408KB

Download
memory/2732-2016-0x0000000073B90000-0x000000007427E000-memory.dmp

Filesize
6.9MB

Download
memory/2732-57-0x0000000002000000-0x000000000206C000-memory.dmp

Filesize
432KB

Download
memory/2732-56-0x0000000005E30000-0x000000000603A000-memory.dmp

Filesize
2.0MB

Download
memory/2732-54-0x0000000004650000-0x0000000004690000-memory.dmp

Filesize
256KB

Download
memory/2732-55-0x0000000004650000-0x0000000004690000-memory.dmp

Filesize
256KB

Download
memory/2732-51-0x0000000073B90000-0x000000007427E000-memory.dmp

Filesize
6.9MB

Download
memory/2732-43-0x0000000004650000-0x0000000004690000-memory.dmp

Filesize
256KB

Download
memory/2732-37-0x0000000000180000-0x000000000046C000-memory.dmp

Filesize
2.9MB

Download
memory/2732-38-0x0000000073B90000-0x000000007427E000-memory.dmp

Filesize
6.9MB

Download