zgrat | fec4a46308f73f3e49401fa24256a58fdd596f57eee6f29d3336c2b072abda6d

Analysis

max time kernel
138s
max time network
150s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
19/01/2024, 16:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

68192cd81726cf9ea4a4187ec0111113.exe
Size

6.5MB
MD5

68192cd81726cf9ea4a4187ec0111113
SHA1

46d0eb7842be68a5f625ed927fa6a91715af416b
SHA256

fec4a46308f73f3e49401fa24256a58fdd596f57eee6f29d3336c2b072abda6d
SHA512

bb176584a61b334673e457a1b5c598149ead38785e827d4b2f0348c8f4138a60dceeb9e4a7f7724a50fd32a3440e49e80d97575d091cfb9c991bf8bca576e156
SSDEEP

196608:LoWCHVU8Bi7PPbLAi80f/TiCjPTpPF2bzH0D1:Mz2Pgipr8bQp

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V1 35 IoCs

resource	yara_rule
behavioral1/memory/1072-6-0x000000001B290000-0x000000001B302000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-7-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-8-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-12-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-10-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-14-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-16-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-24-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-28-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-26-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-22-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-20-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-30-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-34-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-38-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-42-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-46-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-50-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-52-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-58-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-60-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-56-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-62-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-64-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-68-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-70-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-66-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-54-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-48-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-44-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-40-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-36-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-32-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1072-18-0x000000001B290000-0x000000001B2FC000-memory.dmp	family_zgrat_v1
behavioral1/memory/1312-2181-0x000000001E200000-0x000000001E840000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1072 set thread context of 1312	1072	68192cd81726cf9ea4a4187ec0111113.exe	33

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1072	68192cd81726cf9ea4a4187ec0111113.exe
1072	68192cd81726cf9ea4a4187ec0111113.exe
2872	powershell.exe
1880	powershell.exe
912	powershell.exe
880	powershell.exe
2180	powershell.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1072	68192cd81726cf9ea4a4187ec0111113.exe
Token: SeDebugPrivilege	2872	powershell.exe
Token: SeDebugPrivilege	1880	powershell.exe
Token: SeIncreaseQuotaPrivilege	1880	powershell.exe
Token: SeSecurityPrivilege	1880	powershell.exe
Token: SeTakeOwnershipPrivilege	1880	powershell.exe
Token: SeLoadDriverPrivilege	1880	powershell.exe
Token: SeSystemProfilePrivilege	1880	powershell.exe
Token: SeSystemtimePrivilege	1880	powershell.exe
Token: SeProfSingleProcessPrivilege	1880	powershell.exe
Token: SeIncBasePriorityPrivilege	1880	powershell.exe
Token: SeCreatePagefilePrivilege	1880	powershell.exe
Token: SeBackupPrivilege	1880	powershell.exe
Token: SeRestorePrivilege	1880	powershell.exe
Token: SeShutdownPrivilege	1880	powershell.exe
Token: SeDebugPrivilege	1880	powershell.exe
Token: SeSystemEnvironmentPrivilege	1880	powershell.exe
Token: SeRemoteShutdownPrivilege	1880	powershell.exe
Token: SeUndockPrivilege	1880	powershell.exe
Token: SeManageVolumePrivilege	1880	powershell.exe
Token: 33	1880	powershell.exe
Token: 34	1880	powershell.exe
Token: 35	1880	powershell.exe
Token: SeDebugPrivilege	912	powershell.exe
Token: SeIncreaseQuotaPrivilege	912	powershell.exe
Token: SeSecurityPrivilege	912	powershell.exe
Token: SeTakeOwnershipPrivilege	912	powershell.exe
Token: SeLoadDriverPrivilege	912	powershell.exe
Token: SeSystemProfilePrivilege	912	powershell.exe
Token: SeSystemtimePrivilege	912	powershell.exe
Token: SeProfSingleProcessPrivilege	912	powershell.exe
Token: SeIncBasePriorityPrivilege	912	powershell.exe
Token: SeCreatePagefilePrivilege	912	powershell.exe
Token: SeBackupPrivilege	912	powershell.exe
Token: SeRestorePrivilege	912	powershell.exe
Token: SeShutdownPrivilege	912	powershell.exe
Token: SeDebugPrivilege	912	powershell.exe
Token: SeSystemEnvironmentPrivilege	912	powershell.exe
Token: SeRemoteShutdownPrivilege	912	powershell.exe
Token: SeUndockPrivilege	912	powershell.exe
Token: SeManageVolumePrivilege	912	powershell.exe
Token: 33	912	powershell.exe
Token: 34	912	powershell.exe
Token: 35	912	powershell.exe
Token: SeDebugPrivilege	880	powershell.exe
Token: SeIncreaseQuotaPrivilege	880	powershell.exe
Token: SeSecurityPrivilege	880	powershell.exe
Token: SeTakeOwnershipPrivilege	880	powershell.exe
Token: SeLoadDriverPrivilege	880	powershell.exe
Token: SeSystemProfilePrivilege	880	powershell.exe
Token: SeSystemtimePrivilege	880	powershell.exe
Token: SeProfSingleProcessPrivilege	880	powershell.exe
Token: SeIncBasePriorityPrivilege	880	powershell.exe
Token: SeCreatePagefilePrivilege	880	powershell.exe
Token: SeBackupPrivilege	880	powershell.exe
Token: SeRestorePrivilege	880	powershell.exe
Token: SeShutdownPrivilege	880	powershell.exe
Token: SeDebugPrivilege	880	powershell.exe
Token: SeSystemEnvironmentPrivilege	880	powershell.exe
Token: SeRemoteShutdownPrivilege	880	powershell.exe
Token: SeUndockPrivilege	880	powershell.exe
Token: SeManageVolumePrivilege	880	powershell.exe
Token: 33	880	powershell.exe
Token: 34	880	powershell.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 1072 wrote to memory of 2536	1072	68192cd81726cf9ea4a4187ec0111113.exe	30
PID 1072 wrote to memory of 2536	1072	68192cd81726cf9ea4a4187ec0111113.exe	30
PID 1072 wrote to memory of 2536	1072	68192cd81726cf9ea4a4187ec0111113.exe	30
PID 2536 wrote to memory of 2872	2536	WScript.exe	32
PID 2536 wrote to memory of 2872	2536	WScript.exe	32
PID 2536 wrote to memory of 2872	2536	WScript.exe	32
PID 1072 wrote to memory of 1312	1072	68192cd81726cf9ea4a4187ec0111113.exe	33
PID 1072 wrote to memory of 1312	1072	68192cd81726cf9ea4a4187ec0111113.exe	33
PID 1072 wrote to memory of 1312	1072	68192cd81726cf9ea4a4187ec0111113.exe	33
PID 1072 wrote to memory of 1312	1072	68192cd81726cf9ea4a4187ec0111113.exe	33
PID 1072 wrote to memory of 1312	1072	68192cd81726cf9ea4a4187ec0111113.exe	33
PID 1072 wrote to memory of 1312	1072	68192cd81726cf9ea4a4187ec0111113.exe	33
PID 1072 wrote to memory of 1312	1072	68192cd81726cf9ea4a4187ec0111113.exe	33
PID 1312 wrote to memory of 1880	1312	68192cd81726cf9ea4a4187ec0111113.exe	35
PID 1312 wrote to memory of 1880	1312	68192cd81726cf9ea4a4187ec0111113.exe	35
PID 1312 wrote to memory of 1880	1312	68192cd81726cf9ea4a4187ec0111113.exe	35
PID 1312 wrote to memory of 912	1312	68192cd81726cf9ea4a4187ec0111113.exe	38
PID 1312 wrote to memory of 912	1312	68192cd81726cf9ea4a4187ec0111113.exe	38
PID 1312 wrote to memory of 912	1312	68192cd81726cf9ea4a4187ec0111113.exe	38
PID 1312 wrote to memory of 880	1312	68192cd81726cf9ea4a4187ec0111113.exe	40
PID 1312 wrote to memory of 880	1312	68192cd81726cf9ea4a4187ec0111113.exe	40
PID 1312 wrote to memory of 880	1312	68192cd81726cf9ea4a4187ec0111113.exe	40
PID 1312 wrote to memory of 2180	1312	68192cd81726cf9ea4a4187ec0111113.exe	41
PID 1312 wrote to memory of 2180	1312	68192cd81726cf9ea4a4187ec0111113.exe	41
PID 1312 wrote to memory of 2180	1312	68192cd81726cf9ea4a4187ec0111113.exe	41

C:\Users\Admin\AppData\Local\Temp\68192cd81726cf9ea4a4187ec0111113.exe
"C:\Users\Admin\AppData\Local\Temp\68192cd81726cf9ea4a4187ec0111113.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1072
- C:\Windows\System32\WScript.exe
  "C:\Windows\System32\WScript.exe" "C:\Users\Admin\AppData\Local\Temp\_Tahnlcisc.vbs"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2536
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Set-MpPreference -ExclusionPath C:\,'C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe\Photoshop.exe'
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2872
- C:\Users\Admin\AppData\Local\Temp\68192cd81726cf9ea4a4187ec0111113.exe
  C:\Users\Admin\AppData\Local\Temp\68192cd81726cf9ea4a4187ec0111113.exe
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1312
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com -Count 2 -BufferSize 128 -Delay 1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:1880
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com -Count 2 -BufferSize 128 -Delay 1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:912
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com -Count 2 -BufferSize 128 -Delay 1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:880
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Test-Connection www.google.com -Count 2 -BufferSize 128 -Delay 1
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2180

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_Tahnlcisc.vbs

Filesize
183B

MD5
596240d6e4b9636d4ff251f7d88d2fbc

SHA1
33a51f0eaed1b0ab24463d88a32a44bb343eea92

SHA256
ac3eca9ee79b5494e2099ac1f7a6e6d018352c615a871aa1ff43d0ace2c1dad9

SHA512
87a8313d20cbc9b5cff506d260c718fec9586f4f9d4ed421058cb3d386fe6e28b52fc106717d1afc0306bf4f2d2ee763fe461121f62d70213b30b08016610ce6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\4MP1QLWGRYZ3MR0ZEP70.temp

Filesize
7KB

MD5
b7dc1a52a32eeeb43255dc87f4adf400

SHA1
769b0105ae21bb4fb630e008292151156cbca178

SHA256
bc759803dccc3cc3c3f10d38b32ef6f5041dc66c1b0db774f9376be6e6d8aee4

SHA512
f140420f4b1d2159397c3065a01411369f5bad5a2042b2fe7aad356db98d6bb65ce0ce497cc1c53e06023cde681db0305ebcc84e965f853c68a81e5f3801c42d

Download Submit
memory/880-2165-0x00000000027B0000-0x0000000002830000-memory.dmp

Filesize
512KB

Download
memory/880-2163-0x000007FEF3730000-0x000007FEF40CD000-memory.dmp

Filesize
9.6MB

Download
memory/880-2166-0x00000000027B0000-0x0000000002830000-memory.dmp

Filesize
512KB

Download
memory/880-2164-0x00000000027B0000-0x0000000002830000-memory.dmp

Filesize
512KB

Download
memory/880-2162-0x00000000027B0000-0x0000000002830000-memory.dmp

Filesize
512KB

Download
memory/880-2161-0x000007FEF3730000-0x000007FEF40CD000-memory.dmp

Filesize
9.6MB

Download
memory/880-2167-0x000007FEF3730000-0x000007FEF40CD000-memory.dmp

Filesize
9.6MB

Download
memory/912-2150-0x000007FEF1EB0000-0x000007FEF284D000-memory.dmp

Filesize
9.6MB

Download
memory/912-2152-0x00000000024E0000-0x0000000002560000-memory.dmp

Filesize
512KB

Download
memory/912-2153-0x00000000024E0000-0x0000000002560000-memory.dmp

Filesize
512KB

Download
memory/912-2151-0x00000000024E0000-0x0000000002560000-memory.dmp

Filesize
512KB

Download
memory/912-2149-0x00000000024E0000-0x0000000002560000-memory.dmp

Filesize
512KB

Download
memory/912-2148-0x000007FEF1EB0000-0x000007FEF284D000-memory.dmp

Filesize
9.6MB

Download
memory/912-2147-0x0000000002560000-0x0000000002568000-memory.dmp

Filesize
32KB

Download
memory/912-2154-0x000007FEF1EB0000-0x000007FEF284D000-memory.dmp

Filesize
9.6MB

Download
memory/1072-46-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-14-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-38-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-42-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-0-0x0000000000BF0000-0x000000000127C000-memory.dmp

Filesize
6.5MB

Download
memory/1072-50-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-52-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-58-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-60-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-56-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-62-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-64-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-68-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-70-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-66-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-54-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-48-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-44-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-40-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-36-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-32-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-18-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-30-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-2115-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/1072-1-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/1072-2116-0x000000001C176000-0x000000001C1DD000-memory.dmp

Filesize
412KB

Download
memory/1072-2-0x000000001C170000-0x000000001C1F0000-memory.dmp

Filesize
512KB

Download
memory/1072-3-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/1072-4-0x00000000212B0000-0x000000002191A000-memory.dmp

Filesize
6.4MB

Download
memory/1072-5-0x000000001C170000-0x000000001C1F0000-memory.dmp

Filesize
512KB

Download
memory/1072-6-0x000000001B290000-0x000000001B302000-memory.dmp

Filesize
456KB

Download
memory/1072-7-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-8-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-12-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-10-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-34-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-20-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-16-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-24-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-28-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-26-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1072-22-0x000000001B290000-0x000000001B2FC000-memory.dmp

Filesize
432KB

Download
memory/1312-2114-0x0000000140000000-0x000000014062A000-memory.dmp

Filesize
6.2MB

Download
memory/1312-2180-0x000000001C3E0000-0x000000001C460000-memory.dmp

Filesize
512KB

Download
memory/1312-2123-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/1312-2181-0x000000001E200000-0x000000001E840000-memory.dmp

Filesize
6.2MB

Download
memory/1312-2141-0x000007FEF5790000-0x000007FEF617C000-memory.dmp

Filesize
9.9MB

Download
memory/1880-2137-0x0000000002050000-0x00000000020D0000-memory.dmp

Filesize
512KB

Download
memory/1880-2139-0x0000000002050000-0x00000000020D0000-memory.dmp

Filesize
512KB

Download
memory/1880-2133-0x0000000001FC0000-0x0000000001FC8000-memory.dmp

Filesize
32KB

Download
memory/1880-2135-0x0000000002050000-0x00000000020D0000-memory.dmp

Filesize
512KB

Download
memory/1880-2134-0x000007FEF3730000-0x000007FEF40CD000-memory.dmp

Filesize
9.6MB

Download
memory/1880-2140-0x000007FEF3730000-0x000007FEF40CD000-memory.dmp

Filesize
9.6MB

Download
memory/1880-2132-0x000000001B110000-0x000000001B3F2000-memory.dmp

Filesize
2.9MB

Download
memory/1880-2136-0x000007FEF3730000-0x000007FEF40CD000-memory.dmp

Filesize
9.6MB

Download
memory/1880-2138-0x0000000002050000-0x00000000020D0000-memory.dmp

Filesize
512KB

Download
memory/2180-2173-0x000007FEF1EB0000-0x000007FEF284D000-memory.dmp

Filesize
9.6MB

Download
memory/2180-2174-0x0000000002940000-0x00000000029C0000-memory.dmp

Filesize
512KB

Download
memory/2180-2179-0x000007FEF1EB0000-0x000007FEF284D000-memory.dmp

Filesize
9.6MB

Download
memory/2180-2176-0x0000000002940000-0x00000000029C0000-memory.dmp

Filesize
512KB

Download
memory/2180-2177-0x0000000002940000-0x00000000029C0000-memory.dmp

Filesize
512KB

Download
memory/2180-2178-0x0000000002940000-0x00000000029C0000-memory.dmp

Filesize
512KB

Download
memory/2180-2175-0x000007FEF1EB0000-0x000007FEF284D000-memory.dmp

Filesize
9.6MB

Download
memory/2872-2119-0x0000000001F90000-0x0000000001F98000-memory.dmp

Filesize
32KB

Download
memory/2872-2124-0x00000000025F0000-0x0000000002670000-memory.dmp

Filesize
512KB

Download
memory/2872-2121-0x000007FEED0C0000-0x000007FEEDA5D000-memory.dmp

Filesize
9.6MB

Download
memory/2872-2120-0x00000000025F0000-0x0000000002670000-memory.dmp

Filesize
512KB

Download
memory/2872-2122-0x00000000025F0000-0x0000000002670000-memory.dmp

Filesize
512KB

Download
memory/2872-2117-0x000000001B300000-0x000000001B5E2000-memory.dmp

Filesize
2.9MB

Download
memory/2872-2118-0x000007FEED0C0000-0x000007FEEDA5D000-memory.dmp

Filesize
9.6MB

Download
memory/2872-2125-0x00000000025F0000-0x0000000002670000-memory.dmp

Filesize
512KB

Download
memory/2872-2126-0x000007FEED0C0000-0x000007FEEDA5D000-memory.dmp

Filesize
9.6MB

Download