Analysis

  • max time kernel
    2s
  • max time network
    88s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20231215-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    19-01-2024 20:19

General

  • Target

    magic.poisontoolz.com/Binded.exe

  • Size

    5.4MB

  • MD5

    8f505e8ec6a2129264b6609d96e68962

  • SHA1

    a4f8e2102645ad87b37c4de7fa45779d3bb70f18

  • SHA256

    59e7180a2a869453fb54d13f04b4eda1a5153659378501fa31b18f862576f800

  • SHA512

    49f4b191e7e7edfb29ebe9c40cc9dc1f57824aff6b166815d9a0bd46e3e883bbf74bccee95469116a522dc850ead3813fb2977b485ead64d37c680e9acb33396

  • SSDEEP

    49152:tl+wZnx28ufF6eE39oRGIOVgdDll+wZnx28uf36eE39oRGIOVgdDp:

Score
10/10

Malware Config

Signatures

  • Detect ZGRat V1 32 IoCs
  • ZGRat

    ZGRat is a remote access trojan written in C#.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

Processes

  • C:\Users\Admin\AppData\Local\Temp\magic.poisontoolz.com\Binded.exe
    "C:\Users\Admin\AppData\Local\Temp\magic.poisontoolz.com\Binded.exe"
    1⤵
      PID:1200
      • C:\Users\Admin\AppData\Local\Temp\blbrok.exe
        "C:\Users\Admin\AppData\Local\Temp\blbrok.exe"
        2⤵
          PID:3892
        • C:\Users\Admin\AppData\Local\Temp\rock.exe
          "C:\Users\Admin\AppData\Local\Temp\rock.exe"
          2⤵
            PID:2576
        • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
          powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABUAHkAcABlAEkAZAAuAGUAeABlADsA
          1⤵
            PID:2168
          • C:\Users\Admin\AppData\Local\Hash\mdvhj\TypeId.exe
            C:\Users\Admin\AppData\Local\Hash\mdvhj\TypeId.exe
            1⤵
              PID:3984
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                2⤵
                  PID:2960
              • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABUAHkAcABlAEkAZAAuAGUAeABlADsA
                1⤵
                  PID:1148
                • C:\Users\Admin\AppData\Local\Temp\nxryyws.exe
                  C:\Users\Admin\AppData\Local\Temp\nxryyws.exe
                  1⤵
                    PID:2576
                    • C:\Users\Admin\AppData\Local\Temp\nxryyws.exe
                      C:\Users\Admin\AppData\Local\Temp\nxryyws.exe
                      2⤵
                        PID:3560

                    Network

                    MITRE ATT&CK Enterprise v15

                    Downloads

                    • C:\Users\Admin\AppData\Local\Hash\mdvhj\TypeId.exe

                      Filesize

                      66KB

                    • C:\Users\Admin\AppData\Local\Hash\mdvhj\TypeId.exe

                      Filesize

                      51KB

                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

                      Filesize

                      2KB

                    • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\nxryyws.exe.log

                      Filesize

                      1KB

                    • C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                      Filesize

                      944B

                    • C:\Users\Admin\AppData\Local\Temp\Data\Autofills.txt

                      Filesize

                      234B

                    • C:\Users\Admin\AppData\Local\Temp\Data\Cookies.txt

                      Filesize

                      115B

                    • C:\Users\Admin\AppData\Local\Temp\Data\CreditCards.txt

                      Filesize

                      238B

                    • C:\Users\Admin\AppData\Local\Temp\Data\Downloads.txt

                      Filesize

                      234B

                    • C:\Users\Admin\AppData\Local\Temp\Data\Histories.txt

                      Filesize

                      234B

                    • C:\Users\Admin\AppData\Local\Temp\Data\Passwords.txt

                      Filesize

                      234B

                    • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_joffblep.we4.ps1

                      Filesize

                      60B

                    • C:\Users\Admin\AppData\Local\Temp\blbrok.exe

                      Filesize

                      74KB

                    • C:\Users\Admin\AppData\Local\Temp\blbrok.exe

                      Filesize

                      92KB

                    • C:\Users\Admin\AppData\Local\Temp\blbrok.exe

                      Filesize

                      52KB

                    • C:\Users\Admin\AppData\Local\Temp\nxryyws.exe

                    • C:\Users\Admin\AppData\Local\Temp\nxryyws.exe

                      Filesize

                      20KB

                    • C:\Users\Admin\AppData\Local\Temp\nxryyws.exe

                      Filesize

                      1KB

                    • C:\Users\Admin\AppData\Local\Temp\rock.exe

                      Filesize

                      43KB

                    • C:\Users\Admin\AppData\Local\Temp\rock.exe

                      Filesize

                      157KB

                    • C:\Users\Admin\AppData\Local\Temp\rock.exe

                      Filesize

                      149KB
