zgrat | b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4

Analysis

max time kernel
298s
max time network
225s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
12/02/2024, 05:03

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
Size

781KB
MD5

5502b4463a62be41ece9a4557453fd4d
SHA1

34e9658ce06209b3e594163366efdc997ca89b46
SHA256

b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4
SHA512

d2d4189152a58e98e3409f4e23e23bab07ee13116e2d895b9fe4632bb2477018483d35a3df850155d76b0c627d6b49e6e55edf655abc5650611725a4520eef25
SSDEEP

24576:C0Rs+Qv1cttwIFHosVijOXhQbgkqAoGLdP:trosVijgCb0ANd

Score

10^/10

zgrat persistence rat

Malware Config

Signatures

Detect ZGRat V1 35 IoCs

resource	yara_rule
behavioral1/memory/2504-3-0x000000001C050000-0x000000001C19A000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-4-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-5-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-7-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-9-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-11-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-13-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-15-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-17-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-19-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-21-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-23-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-25-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-27-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-29-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-31-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-33-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-35-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-37-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-39-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-41-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-43-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-45-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-47-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-49-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-51-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-53-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-55-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-57-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-59-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-61-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-63-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-65-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/2504-67-0x000000001C050000-0x000000001C193000-memory.dmp	family_zgrat_v1
behavioral1/memory/1408-1134-0x000000001AF30000-0x000000001B032000-memory.dmp	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-452311807-3713411997-1028535425-1000\Software\Microsoft\Windows\CurrentVersion\Run\Iafllqfygyt = "C:\\Users\\Admin\\AppData\\Roaming\\Iafllqfygyt.exe"	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2504 set thread context of 1408	2504	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	28

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2504	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2504	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
Token: SeDebugPrivilege	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe

Suspicious use of WriteProcessMemory 37 IoCs

description	pid	Process	procid_target
PID 2504 wrote to memory of 1408	2504	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	28
PID 2504 wrote to memory of 1408	2504	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	28
PID 2504 wrote to memory of 1408	2504	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	28
PID 2504 wrote to memory of 1408	2504	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	28
PID 2504 wrote to memory of 1408	2504	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	28
PID 2504 wrote to memory of 1408	2504	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	28
PID 2504 wrote to memory of 1408	2504	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	28
PID 1408 wrote to memory of 880	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	29
PID 1408 wrote to memory of 880	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	29
PID 1408 wrote to memory of 880	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	29
PID 1408 wrote to memory of 1432	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	38
PID 1408 wrote to memory of 1432	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	38
PID 1408 wrote to memory of 1432	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	38
PID 1408 wrote to memory of 2060	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	37
PID 1408 wrote to memory of 2060	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	37
PID 1408 wrote to memory of 2060	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	37
PID 1408 wrote to memory of 2936	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	36
PID 1408 wrote to memory of 2936	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	36
PID 1408 wrote to memory of 2936	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	36
PID 1408 wrote to memory of 2156	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	30
PID 1408 wrote to memory of 2156	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	30
PID 1408 wrote to memory of 2156	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	30
PID 1408 wrote to memory of 2120	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	35
PID 1408 wrote to memory of 2120	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	35
PID 1408 wrote to memory of 2120	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	35
PID 1408 wrote to memory of 1576	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	31
PID 1408 wrote to memory of 1576	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	31
PID 1408 wrote to memory of 1576	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	31
PID 1408 wrote to memory of 1712	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	34
PID 1408 wrote to memory of 1712	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	34
PID 1408 wrote to memory of 1712	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	34
PID 1408 wrote to memory of 1716	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	33
PID 1408 wrote to memory of 1716	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	33
PID 1408 wrote to memory of 1716	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	33
PID 1408 wrote to memory of 1604	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	32
PID 1408 wrote to memory of 1604	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	32
PID 1408 wrote to memory of 1604	1408	b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe	32

C:\Users\Admin\AppData\Local\Temp\b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
"C:\Users\Admin\AppData\Local\Temp\b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe"
1⤵
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2504
- C:\Users\Admin\AppData\Local\Temp\b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
  C:\Users\Admin\AppData\Local\Temp\b45689d589d6e53943196c4fc67552d465b057d3f76546fb7b11a786e3a388e4.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1408
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    3⤵
    PID:880
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    3⤵
    PID:2156
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    3⤵
    PID:1576
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    3⤵
    PID:1604
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    3⤵
    PID:1716
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    3⤵
    PID:1712
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    3⤵
    PID:2120
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    3⤵
    PID:2936
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    3⤵
    PID:2060
- - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_compiler.exe
    3⤵
    PID:1432

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1408-1133-0x0000000000400000-0x00000000004B4000-memory.dmp

Filesize
720KB

Download
memory/1408-1135-0x000007FEF5F70000-0x000007FEF695C000-memory.dmp

Filesize
9.9MB

Download
memory/1408-1134-0x000000001AF30000-0x000000001B032000-memory.dmp

Filesize
1.0MB

Download
memory/1408-1136-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/1408-1137-0x00000000003B0000-0x00000000003B8000-memory.dmp

Filesize
32KB

Download
memory/1408-1146-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/1408-1145-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/1408-1144-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/1408-1143-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/1408-1142-0x000007FEF5F70000-0x000007FEF695C000-memory.dmp

Filesize
9.9MB

Download
memory/1408-1141-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/1408-1140-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/1408-1139-0x000000001AEB0000-0x000000001AF30000-memory.dmp

Filesize
512KB

Download
memory/1408-1138-0x00000000006C0000-0x0000000000716000-memory.dmp

Filesize
344KB

Download
memory/2504-37-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-55-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-17-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-19-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-21-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-23-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-25-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-27-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-29-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-31-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-33-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-35-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-13-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-39-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-41-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-43-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-45-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-47-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-49-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-51-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-53-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-15-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-57-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-59-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-61-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-63-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-65-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-11-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-9-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-7-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-5-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-4-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-3-0x000000001C050000-0x000000001C19A000-memory.dmp

Filesize
1.3MB

Download
memory/2504-2-0x0000000000B70000-0x0000000000BF0000-memory.dmp

Filesize
512KB

Download
memory/2504-1-0x000007FEF5F70000-0x000007FEF695C000-memory.dmp

Filesize
9.9MB

Download
memory/2504-0-0x0000000001130000-0x00000000011FA000-memory.dmp

Filesize
808KB

Download
memory/2504-67-0x000000001C050000-0x000000001C193000-memory.dmp

Filesize
1.3MB

Download
memory/2504-1118-0x0000000000290000-0x0000000000291000-memory.dmp

Filesize
4KB

Download
memory/2504-1119-0x000000001B850000-0x000000001B922000-memory.dmp

Filesize
840KB

Download
memory/2504-1120-0x0000000000A20000-0x0000000000A6C000-memory.dmp

Filesize
304KB

Download
memory/2504-1131-0x000007FEF5F70000-0x000007FEF695C000-memory.dmp

Filesize
9.9MB

Download