bitrat | a6c9311a9434e428bec6dd1b01e2e4033d4f8685cae164aa14e335ba0a176d09

Analysis

max time kernel
140s
max time network
134s
platform
windows7_x64
resource
win7-20231129-en
resource tags

arch:x64arch:x86image:win7-20231129-enlocale:en-usos:windows7-x64system
submitted
07-01-2024 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

496d5fc129c98a075ea39863bd8938a2.exe
Size

4.2MB
MD5

496d5fc129c98a075ea39863bd8938a2
SHA1

17ea2c2f785749550044a4fe055163216f47b76c
SHA256

a6c9311a9434e428bec6dd1b01e2e4033d4f8685cae164aa14e335ba0a176d09
SHA512

567fa49ceced374a4123a7441014c1da325973d763f1222b4631b01c26ac7163330fae7a1ba08d73a9e68b4830e4320a17523d48ccd786f86b087a3d3094a2ad
SSDEEP

49152:36PaeNTOyzL4EXgpSTeCrkT04991Gexjmo1G3q99C336nGhl52LQaRV8/qz+qq2E:kagTOb4TGljhFmU/eqq2Ltk/FqqibWT7

Score

10^/10

bitrat zgrat rat trojan

Malware Config

Extracted

Family

bitrat

Version

1.38

firewall.publicvm.com:25874

Attributes

communication_password
a20ba4fb329f7dc66c0dd3562e9f9984
tor_process
tor

Signatures

BitRAT
BitRAT is a remote access tool written in C++ and uses leaked source code from other families.
trojan bitrat

Detect ZGRat V1 34 IoCs

resource	yara_rule
behavioral1/memory/2096-73-0x0000000002260000-0x00000000022E0000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-137-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-135-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-133-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-131-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-129-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-127-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-125-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-123-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-121-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-119-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-117-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-115-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-113-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-111-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-109-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-107-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-105-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-103-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-101-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-99-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-97-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-95-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-93-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-91-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-89-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-87-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-85-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-83-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-81-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-79-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-77-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-75-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1
behavioral1/memory/2096-74-0x0000000002260000-0x00000000022DA000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Executes dropped EXE 3 IoCs

pid	Process
2096	Sys.pif
2696	BF1PureCracker0.exe
1432	Sys.pif

Loads dropped DLL 7 IoCs

pid	Process
880	496d5fc129c98a075ea39863bd8938a2.exe
880	496d5fc129c98a075ea39863bd8938a2.exe
880	496d5fc129c98a075ea39863bd8938a2.exe
880	496d5fc129c98a075ea39863bd8938a2.exe
880	496d5fc129c98a075ea39863bd8938a2.exe
2620	Process not Found
2096	Sys.pif

Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs

pid	Process
1432	Sys.pif
1432	Sys.pif
1432	Sys.pif
1432	Sys.pif

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2096 set thread context of 1432	2096	Sys.pif	37

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 5 IoCs

pid	Process
2468	powershell.exe
1124	powershell.exe
2096	Sys.pif
2096	Sys.pif
1064	powershell.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

description	pid	Process
Token: SeDebugPrivilege	2468	powershell.exe
Token: SeIncreaseQuotaPrivilege	2468	powershell.exe
Token: SeSecurityPrivilege	2468	powershell.exe
Token: SeTakeOwnershipPrivilege	2468	powershell.exe
Token: SeLoadDriverPrivilege	2468	powershell.exe
Token: SeSystemProfilePrivilege	2468	powershell.exe
Token: SeSystemtimePrivilege	2468	powershell.exe
Token: SeProfSingleProcessPrivilege	2468	powershell.exe
Token: SeIncBasePriorityPrivilege	2468	powershell.exe
Token: SeCreatePagefilePrivilege	2468	powershell.exe
Token: SeBackupPrivilege	2468	powershell.exe
Token: SeRestorePrivilege	2468	powershell.exe
Token: SeShutdownPrivilege	2468	powershell.exe
Token: SeDebugPrivilege	2468	powershell.exe
Token: SeSystemEnvironmentPrivilege	2468	powershell.exe
Token: SeRemoteShutdownPrivilege	2468	powershell.exe
Token: SeUndockPrivilege	2468	powershell.exe
Token: SeManageVolumePrivilege	2468	powershell.exe
Token: 33	2468	powershell.exe
Token: 34	2468	powershell.exe
Token: 35	2468	powershell.exe
Token: SeDebugPrivilege	1124	powershell.exe
Token: SeIncreaseQuotaPrivilege	1124	powershell.exe
Token: SeSecurityPrivilege	1124	powershell.exe
Token: SeTakeOwnershipPrivilege	1124	powershell.exe
Token: SeLoadDriverPrivilege	1124	powershell.exe
Token: SeSystemProfilePrivilege	1124	powershell.exe
Token: SeSystemtimePrivilege	1124	powershell.exe
Token: SeProfSingleProcessPrivilege	1124	powershell.exe
Token: SeIncBasePriorityPrivilege	1124	powershell.exe
Token: SeCreatePagefilePrivilege	1124	powershell.exe
Token: SeBackupPrivilege	1124	powershell.exe
Token: SeRestorePrivilege	1124	powershell.exe
Token: SeShutdownPrivilege	1124	powershell.exe
Token: SeDebugPrivilege	1124	powershell.exe
Token: SeSystemEnvironmentPrivilege	1124	powershell.exe
Token: SeRemoteShutdownPrivilege	1124	powershell.exe
Token: SeUndockPrivilege	1124	powershell.exe
Token: SeManageVolumePrivilege	1124	powershell.exe
Token: 33	1124	powershell.exe
Token: 34	1124	powershell.exe
Token: 35	1124	powershell.exe
Token: SeDebugPrivilege	2096	Sys.pif
Token: SeDebugPrivilege	1064	powershell.exe
Token: SeDebugPrivilege	1432	Sys.pif
Token: SeShutdownPrivilege	1432	Sys.pif

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
1432	Sys.pif
1432	Sys.pif

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 880 wrote to memory of 2096	880	496d5fc129c98a075ea39863bd8938a2.exe	28
PID 880 wrote to memory of 2096	880	496d5fc129c98a075ea39863bd8938a2.exe	28
PID 880 wrote to memory of 2096	880	496d5fc129c98a075ea39863bd8938a2.exe	28
PID 880 wrote to memory of 2096	880	496d5fc129c98a075ea39863bd8938a2.exe	28
PID 880 wrote to memory of 2696	880	496d5fc129c98a075ea39863bd8938a2.exe	30
PID 880 wrote to memory of 2696	880	496d5fc129c98a075ea39863bd8938a2.exe	30
PID 880 wrote to memory of 2696	880	496d5fc129c98a075ea39863bd8938a2.exe	30
PID 880 wrote to memory of 2696	880	496d5fc129c98a075ea39863bd8938a2.exe	30
PID 2096 wrote to memory of 2468	2096	Sys.pif	32
PID 2096 wrote to memory of 2468	2096	Sys.pif	32
PID 2096 wrote to memory of 2468	2096	Sys.pif	32
PID 2096 wrote to memory of 2468	2096	Sys.pif	32
PID 2096 wrote to memory of 1124	2096	Sys.pif	35
PID 2096 wrote to memory of 1124	2096	Sys.pif	35
PID 2096 wrote to memory of 1124	2096	Sys.pif	35
PID 2096 wrote to memory of 1124	2096	Sys.pif	35
PID 2096 wrote to memory of 2856	2096	Sys.pif	36
PID 2096 wrote to memory of 2856	2096	Sys.pif	36
PID 2096 wrote to memory of 2856	2096	Sys.pif	36
PID 2096 wrote to memory of 2856	2096	Sys.pif	36
PID 2856 wrote to memory of 1064	2856	WScript.exe	39
PID 2856 wrote to memory of 1064	2856	WScript.exe	39
PID 2856 wrote to memory of 1064	2856	WScript.exe	39
PID 2856 wrote to memory of 1064	2856	WScript.exe	39
PID 2096 wrote to memory of 1432	2096	Sys.pif	37
PID 2096 wrote to memory of 1432	2096	Sys.pif	37
PID 2096 wrote to memory of 1432	2096	Sys.pif	37
PID 2096 wrote to memory of 1432	2096	Sys.pif	37
PID 2096 wrote to memory of 1432	2096	Sys.pif	37
PID 2096 wrote to memory of 1432	2096	Sys.pif	37
PID 2096 wrote to memory of 1432	2096	Sys.pif	37
PID 2096 wrote to memory of 1432	2096	Sys.pif	37
PID 2096 wrote to memory of 1432	2096	Sys.pif	37
PID 2096 wrote to memory of 1432	2096	Sys.pif	37
PID 2096 wrote to memory of 1432	2096	Sys.pif	37
PID 2096 wrote to memory of 1432	2096	Sys.pif	37

C:\Users\Admin\AppData\Local\Temp\496d5fc129c98a075ea39863bd8938a2.exe
"C:\Users\Admin\AppData\Local\Temp\496d5fc129c98a075ea39863bd8938a2.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:880
- C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\Sys.pif
  "C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\Sys.pif"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2096
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2468
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection 8.8.8.8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1124
- - C:\Windows\SysWOW64\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\_Cughlqhdqdvxnicuaztmvn.vbs"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2856
  - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionPath C:\,'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NVIDIA\nvcontainer.exe'
      4⤵
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1064
- - C:\Users\Admin\AppData\Local\Temp\Sys.pif
    C:\Users\Admin\AppData\Local\Temp\Sys.pif
    3⤵
    - Executes dropped EXE
    - Suspicious use of NtSetInformationThreadHideFromDebugger
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1432
- C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe
  "C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe"
  2⤵
  - Executes dropped EXE
  PID:2696

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe

Filesize
383KB

MD5
c2a78b5610d2abd529688c420bde478e

SHA1
7a6b9c6f66f7df7540ecfd633f9735c4828f9b3a

SHA256
36c76fcef546a898a0c6f4d811b9106574ac5e82f5354569871be9679091871c

SHA512
b000464af649879dc724a9d805601ba9f627e03f28a65bc2a13a946f840d70bd8e6835511701657c795b96fd4521c7f23826b168a0bf2429e9d36bb596797aa2

Download Submit
C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe

Filesize
92KB

MD5
1ec86b222049775e000447ea76a64f67

SHA1
418edc66312d10c96c3fdc06366e652379d4ac9b

SHA256
26bc06ac1fd5d1b8e8612bc9682dcc6b51aa05498dba30650eef95eb24660642

SHA512
36285bc84a4e05650478bce9ca55bcdf8384ce3f8e39fc86bc268214a77de77d81be419e6d461c3da687a91fb74dd2d8211b73d0f8a1da747c57b0664ee14e11

Download Submit
C:\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\Sys.pif

Filesize
893KB

MD5
b4bfbbd8c27fb4cbd0e1b8c63eea43e6

SHA1
347869e110d2733e8f22b935a064fafb5fbed0fb

SHA256
751a1d639c59080f009597d45d09f5be3d02b3324341486dea8a0ebf9d16974c

SHA512
668b43933075807b439e7aa2a77dc642a7040605a536d7b82dca09b540c5db95e4269728d3401aeb2e9aa4e646d38815fec39ef5dda109fdd0359cec83e2b88c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

Filesize
7KB

MD5
bbed485d156f6f87220f1757c61f58bf

SHA1
3a1d97a8ae3e5796d8feced351fae790aef0767a

SHA256
39738b5451ee94507597768b7b85279991ddb9d49d781e68f41e9678c0efcc59

SHA512
6a0f4352969d7627fe4686a99347d653387dce0a67cde021b89f6a9b6fe8ad514a5c42331dfe6f166d1c2a5781356809e1f6e7e55fb24be7e09970646f14d757

Download Submit
\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\BF1PureCracker0.exe

Filesize
381KB

MD5
ab33035218b4fbf9e6bbcefc4fe905c1

SHA1
a22fd374409fe88f8977fede3068f0b0506eb08b

SHA256
4c56525f5fadef31176166b4c97d58175eac92c27f5abad273daa2afb3694dee

SHA512
1a41310519348a28db00a8a1583b6e1790371d395e1dce8713fb7376b73b84b77c67b41a9cc4db339e898876417f5779f9541b734778e12b1662333709c07e80

Download Submit
\Users\Admin\AppData\Local\Origin\Install\Setup\Battlefield1\ErrorAssistant\Sys.pif

Filesize
2.2MB

MD5
76555816c73f34e86608807c7737a593

SHA1
3c38473581f2c602a25707ee9000634f4b4d033a

SHA256
64299aa25ed5fae3be2ac53c376875280bb624a555674bc89f43e58cf06fde6d

SHA512
a2a28ef202a332d002cf831c8fb94ef67dc392e543748c8b819fae191829fce038211a905ee08836556a73f9bc4918313c4be6ab9e7ef068503054eedfd3f22b

Download Submit
memory/1064-2593-0x0000000002B50000-0x0000000002B90000-memory.dmp

Filesize
256KB

Download
memory/1064-2609-0x000000006FD50000-0x00000000702FB000-memory.dmp

Filesize
5.7MB

Download
memory/1064-2591-0x000000006FD50000-0x00000000702FB000-memory.dmp

Filesize
5.7MB

Download
memory/1064-2598-0x0000000002B50000-0x0000000002B90000-memory.dmp

Filesize
256KB

Download
memory/1064-2597-0x0000000002B50000-0x0000000002B90000-memory.dmp

Filesize
256KB

Download
memory/1064-2595-0x000000006FD50000-0x00000000702FB000-memory.dmp

Filesize
5.7MB

Download
memory/1124-65-0x000000006FD50000-0x00000000702FB000-memory.dmp

Filesize
5.7MB

Download
memory/1124-2611-0x000000006FD50000-0x00000000702FB000-memory.dmp

Filesize
5.7MB

Download
memory/1124-66-0x0000000002A20000-0x0000000002A60000-memory.dmp

Filesize
256KB

Download
memory/1124-67-0x0000000002A20000-0x0000000002A60000-memory.dmp

Filesize
256KB

Download
memory/1124-68-0x0000000002A20000-0x0000000002A60000-memory.dmp

Filesize
256KB

Download
memory/1124-64-0x000000006FD50000-0x00000000702FB000-memory.dmp

Filesize
5.7MB

Download
memory/1432-2608-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/1432-2620-0x0000000000400000-0x00000000007CE000-memory.dmp

Filesize
3.8MB

Download
memory/2096-89-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-109-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-37-0x0000000000C10000-0x0000000000E54000-memory.dmp

Filesize
2.3MB

Download
memory/2096-63-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download
memory/2096-39-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download
memory/2096-2610-0x0000000074520000-0x0000000074C0E000-memory.dmp

Filesize
6.9MB

Download
memory/2096-74-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-75-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-77-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-70-0x0000000004A40000-0x0000000004A80000-memory.dmp

Filesize
256KB

Download
memory/2096-79-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-72-0x0000000008060000-0x0000000008274000-memory.dmp

Filesize
2.1MB

Download
memory/2096-73-0x0000000002260000-0x00000000022E0000-memory.dmp

Filesize
512KB

Download
memory/2096-137-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-135-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-133-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-131-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-129-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-127-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-125-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-123-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-121-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-119-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-117-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-115-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-113-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-111-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-81-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-107-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-105-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-103-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-101-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-99-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-97-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-95-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-93-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-91-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-43-0x0000000004A40000-0x0000000004A80000-memory.dmp

Filesize
256KB

Download
memory/2096-87-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-85-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2096-83-0x0000000002260000-0x00000000022DA000-memory.dmp

Filesize
488KB

Download
memory/2468-57-0x0000000070000000-0x00000000705AB000-memory.dmp

Filesize
5.7MB

Download
memory/2468-53-0x0000000070000000-0x00000000705AB000-memory.dmp

Filesize
5.7MB

Download
memory/2468-54-0x0000000070000000-0x00000000705AB000-memory.dmp

Filesize
5.7MB

Download
memory/2468-56-0x0000000002A70000-0x0000000002AB0000-memory.dmp

Filesize
256KB

Download
memory/2468-55-0x0000000002A70000-0x0000000002AB0000-memory.dmp

Filesize
256KB

Download
memory/2696-46-0x0000000000890000-0x000000000089A000-memory.dmp

Filesize
40KB

Download
memory/2696-44-0x000000001BB30000-0x000000001BBB0000-memory.dmp

Filesize
512KB

Download
memory/2696-48-0x0000000002360000-0x00000000023A8000-memory.dmp

Filesize
288KB

Download
memory/2696-50-0x000000001ABD0000-0x000000001AC0C000-memory.dmp

Filesize
240KB

Download
memory/2696-45-0x000000001AB50000-0x000000001ABCC000-memory.dmp

Filesize
496KB

Download
memory/2696-40-0x0000000000870000-0x0000000000888000-memory.dmp

Filesize
96KB

Download
memory/2696-69-0x000007FEF6060000-0x000007FEF6A4C000-memory.dmp

Filesize
9.9MB

Download
memory/2696-41-0x000007FEF6060000-0x000007FEF6A4C000-memory.dmp

Filesize
9.9MB

Download
memory/2696-71-0x000000001BB30000-0x000000001BBB0000-memory.dmp

Filesize
512KB

Download
memory/2696-38-0x000000013F060000-0x000000013F0C6000-memory.dmp

Filesize
408KB

Download