Overview

overview

10

Static

static

3

native.exe

windows7-x64

10

native.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    147s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20240221-en
  • resource tags

    arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
  • submitted
    01-03-2024 14:16

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    native.exe

  • Size

    2.1MB

  • MD5

    1a917a85dcbb1d3df5f4dd02e3a62873

  • SHA1

    567f528fec8e7a4787f8c253446d8f1b620dc9d6

  • SHA256

    217fbf967c95d1359314fcd53ae8d04489eb3c7bdc1f22110d5a8a476d1fc92e

  • SHA512

    341acbd43efac1718c7f3e3795549acf29237a2675bdadcb7e52ce18aac6dcc6ae628e1b6edfa2338ed6d9923c148cb4322c75fad86d5c0e6f2327c2270563ec

  • SSDEEP

    49152:/WlrvpDXJLRxe123BMGwxB19y0IEjaV/EC5O7pD:/apzJy1kMxt2R/ET

Score
10/10
zgratrat

Malware Config

Signatures

  • Detect ZGRat V1 37 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Executes dropped EXE 10 IoCs
  • Loads dropped DLL 2 IoCs
  • Drops file in System32 directory 2 IoCs
  • Suspicious use of SetThreadContext 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 9 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\native.exe
    "C:\Users\Admin\AppData\Local\Temp\native.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of SetThreadContext
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2136
    • C:\Users\Admin\AppData\Local\Temp\BBLb.exe
      "C:\Users\Admin\AppData\Local\Temp\BBLb.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetThreadContext
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of WriteProcessMemory
      PID:2760
      • C:\Users\Admin\AppData\Local\Temp\BBLb.exe
        C:\Users\Admin\AppData\Local\Temp\BBLb.exe
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:812
    • C:\Users\Admin\AppData\Local\Temp\native.exe
      C:\Users\Admin\AppData\Local\Temp\native.exe
      2⤵
        PID:1736
    • C:\Windows\system32\taskeng.exe
      taskeng.exe {2E3F7352-05EC-42E6-B66B-19EF4E2F5D26} S-1-5-21-1650401615-1019878084-3673944445-1000:UADPPTXT\Admin:S4U:
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:840
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABBAHQAdAByAGkAYgB1AHQAZQBTAHQAcgBpAG4AZwAuAGUAeABlADsA
        2⤵
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2408
      • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIABBAHQAdAByAGkAYgB1AHQAZQBTAHQAcgBpAG4AZwAuAGUAeABlADsA
        2⤵
        • Drops file in System32 directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:2808
    • C:\Windows\system32\taskeng.exe
      taskeng.exe {2E2CE141-7637-478B-9EDD-A9668864FD35} S-1-5-21-1650401615-1019878084-3673944445-1000:UADPPTXT\Admin:Interactive:[1]
      1⤵
      • Suspicious use of WriteProcessMemory
      PID:2072
      • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
        C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:2164
        • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          3⤵
          • Executes dropped EXE
          PID:2388
        • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          3⤵
          • Executes dropped EXE
          PID:2432
        • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          3⤵
          • Executes dropped EXE
          PID:2032
        • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          3⤵
          • Executes dropped EXE
          PID:2916
        • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          3⤵
          • Executes dropped EXE
          PID:2420
        • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          3⤵
          • Executes dropped EXE
          PID:3048
        • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1744
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
            C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
            4⤵
            • Suspicious use of SetThreadContext
            • Suspicious use of AdjustPrivilegeToken
            PID:2352
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
              C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
              5⤵
              • Suspicious use of AdjustPrivilegeToken
              PID:928

    Network

    MITRE ATT&CK Enterprise v15

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • C:\Users\Admin\AppData\Local\Temp\BBLb.exe
      Filesize

      960KB

      MD5

      7d39ed562f31bc9ec78b6351d1f4bfcc

      SHA1

      ddbc9603f16b789162384c39beb2ba8d96add42f

      SHA256

      d48db5906b8ecebd49e5ce98c5bf5343932667dfc9f283a6baae721d753a75b9

      SHA512

      09f7b3b086add2d5537dac652abdd9df9bfc49308fd71a2ac59ffca6f8d8a7c4436c526c0c8f62f41dcec347609e91f1feb4422802f9c6a13aabfc43e6438645

      Download Submit

    • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
      Filesize

      1.2MB

      MD5

      852359f21734789508b5e453d1baef18

      SHA1

      6ca0af51f51ce280322b57e89dc69d712054246c

      SHA256

      797e3af2149d46f62d949ac28be06e63a8f971114f3bfd8d8db3f0da85244c5c

      SHA512

      4bfa18f3a732b52e1ea7a624786d169a862bcac512413a65925075b4870a8303486a71677de8eab95a99d8bd4b768e3a50c1ebcbde5bff9f719849ca55882d75

      Download Submit

    • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
      Filesize

      1.1MB

      MD5

      c43f9e71adc553cfd066fff8faa951fc

      SHA1

      b42ed3117d59c78a9aae1f3808239c8396478cd7

      SHA256

      067522f8c4d0832c9c7495fb46638aa41e0387994284fab89e0ac6885f6a76a8

      SHA512

      d1822bc87a5bbbd34e2c374cd4eb384f5b965671215e6e70a6f59b07b5fcacbcfcfcd678d8894ffe818861a6694a32b9414d57d45143a5a6908431b77f4b2748

      Download Submit

    • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
      Filesize

      896KB

      MD5

      5c63556492a51966ce4b579921036096

      SHA1

      569dfe00f01ef7d5e6f5e866fccb1cf970d1ef2c

      SHA256

      2a7a91637a26c351ef8f8e6d5033bb667c82208c602731c1dda70a5e6436a837

      SHA512

      48a00f6343475398ab3478e19dfa279b8cb3e39f436713c5ec0ae9eb03a3960c2152b675212690d3cfb62049d5dbe569a9a30411fc4c983abebf1289dd622b89

      Download Submit

    • C:\Users\Admin\AppData\Local\TypeId\rgsyr\AttributeString.exe
      Filesize

      230KB

      MD5

      87562c705053a6b70bfa990c2e82d14d

      SHA1

      911bc4bc8d9f4be5e7113497e76bfbfc08709bb9

      SHA256

      3cbe270387b4648efcf8818bc11c5085e43b11f40d3773704b70903179bb8f4d

      SHA512

      b3e2c5d00e303ee2d89e34bc8dcc5105f3677b3e493d4ccf02d12e67917d8279716010684897f848fdad711e82ce868be0f029dadd5f2f06c035dd6f2bb950b2

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
      Filesize

      7KB

      MD5

      713fbf1c04f0bdfde1e550df75625815

      SHA1

      253f48068fb71b230158fc57e01e9ff2bdc55a9d

      SHA256

      2e2e80fe9160b794d30361246044712fde8b90fbb6b7dfe3931cb1e6a24870aa

      SHA512

      06a59f5611e6ab0cdc85e3c1e788c545c312cd186780d171d1721d27234732bd14c67cc83c9fbe2c6d20c7609c9a0ac31098b11df5deced3c1c3d029fb554498

      Download Submit

    • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\USA9CE9BMQ3QZGC7IDBD.temp
      Filesize

      7KB

      MD5

      5ae0c4b4d2b092c59f4169fe00aa6e6e

      SHA1

      5175cc8d6cc983bf6d61a18e14dea0767f0dabdd

      SHA256

      afe16931ad73242b4ec053d1fc131f3e3b8ff9a45845cbdc580f5a4f2fa957b4

      SHA512

      7bf4efe1171ea3b9f8cc6f4f46d57720145ce15ffbfb83340a6a1ffab8165756de5d00b05bdc1c5f200d0f4ece2a11cc4dbf28505cb01da5ff39349edc6dfc3a

      Download Submit

    • \Users\Admin\AppData\Local\Temp\BBLb.exe
      Filesize

      1.2MB

      MD5

      71eb1bc6e6da380c1cb552d78b391b2a

      SHA1

      df3278e6e26d8c0bc878fe0a8c8a91b28c5a652d

      SHA256

      cefa92ee6cc2fad86c49dd37d57ff8afcb9b9abef0a110689e6d771394256bd6

      SHA512

      d6fab2c469924b8202f7964e864f66d6b6151937c8d134fb40e1f1d3787cf22328892c3f7209786e0b42e1abd5ca71a61f40538ef1e93534d2a98bf6d4448e90

      Download Submit

    • memory/812-1925-0x00000000011B0000-0x0000000001298000-memory.dmp

      Filesize

      928KB

      Download

    • memory/812-1923-0x0000000074C70000-0x000000007535E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/812-1922-0x0000000000400000-0x000000000049C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/812-1924-0x0000000000DA0000-0x0000000000DE0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/812-4126-0x0000000000CF0000-0x0000000000D46000-memory.dmp

      Filesize

      344KB

      Download

    • memory/812-4127-0x0000000000F00000-0x0000000000F54000-memory.dmp

      Filesize

      336KB

      Download

    • memory/812-4129-0x0000000074C70000-0x000000007535E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/928-8285-0x0000000074CA0000-0x000000007538E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/928-10488-0x0000000074CA0000-0x000000007538E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/928-10489-0x0000000004A10000-0x0000000004A50000-memory.dmp

      Filesize

      256KB

      Download

    • memory/1736-1097-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

      Download

    • memory/1736-986-0x0000000000400000-0x0000000000488000-memory.dmp

      Filesize

      544KB

      Download

    • memory/1744-7319-0x0000000074CA0000-0x000000007538E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/1744-7304-0x0000000004970000-0x00000000049C4000-memory.dmp

      Filesize

      336KB

      Download

    • memory/1744-5100-0x0000000000400000-0x000000000049C000-memory.dmp

      Filesize

      624KB

      Download

    • memory/1744-5101-0x0000000074CA0000-0x000000007538E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/1744-5102-0x00000000049C0000-0x0000000004A00000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2136-46-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-4-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-50-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-52-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-54-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-56-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-58-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-60-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-62-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-64-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-66-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-935-0x0000000004B70000-0x0000000004BB0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2136-936-0x0000000000430000-0x0000000000431000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2136-937-0x0000000005130000-0x00000000052D0000-memory.dmp

      Filesize

      1.6MB

      Download

    • memory/2136-938-0x0000000002020000-0x000000000206C000-memory.dmp

      Filesize

      304KB

      Download

    • memory/2136-0-0x00000000000B0000-0x00000000002D8000-memory.dmp

      Filesize

      2.2MB

      Download

    • memory/2136-44-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-1-0x0000000074CF0000-0x00000000753DE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2136-2-0x0000000004BB0000-0x0000000004DB8000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-3-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-18-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-20-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-42-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-984-0x0000000074CF0000-0x00000000753DE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2136-40-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-16-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-6-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-22-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-38-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-36-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-34-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-32-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-30-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-28-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-26-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-24-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-14-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-48-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-8-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-10-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2136-12-0x0000000004BB0000-0x0000000004DB3000-memory.dmp

      Filesize

      2.0MB

      Download

    • memory/2164-4143-0x00000000001D0000-0x0000000000310000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2164-4144-0x0000000074CA0000-0x000000007538E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2164-4145-0x0000000004A80000-0x0000000004AC0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2164-5078-0x0000000000460000-0x0000000000461000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2164-5099-0x0000000074CA0000-0x000000007538E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2352-7320-0x0000000000400000-0x0000000000540000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2352-7340-0x0000000074CA0000-0x000000007538E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2352-7344-0x00000000003B0000-0x00000000003F0000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2352-8267-0x00000000003A0000-0x00000000003A1000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2352-8281-0x0000000074CA0000-0x000000007538E000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2408-4136-0x0000000001430000-0x00000000014B0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2408-4140-0x000007FEF5C70000-0x000007FEF660D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2408-4139-0x0000000001430000-0x00000000014B0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2408-4138-0x00000000010F0000-0x00000000010F8000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2408-4137-0x0000000019FB0000-0x000000001A292000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2408-4135-0x0000000001430000-0x00000000014B0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2408-4134-0x000007FEF5C70000-0x000007FEF660D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2760-949-0x0000000004800000-0x0000000004928000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2760-951-0x0000000004D50000-0x0000000004E7A000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2760-1903-0x0000000000420000-0x0000000000421000-memory.dmp

      Filesize

      4KB

      Download

    • memory/2760-946-0x00000000012C0000-0x0000000001400000-memory.dmp

      Filesize

      1.2MB

      Download

    • memory/2760-947-0x0000000074CF0000-0x00000000753DE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2760-1904-0x00000000051B0000-0x0000000005270000-memory.dmp

      Filesize

      768KB

      Download

    • memory/2760-948-0x0000000000C10000-0x0000000000C50000-memory.dmp

      Filesize

      256KB

      Download

    • memory/2760-1918-0x0000000074CF0000-0x00000000753DE000-memory.dmp

      Filesize

      6.9MB

      Download

    • memory/2808-8140-0x0000000001760000-0x00000000017E0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2808-8266-0x0000000000F80000-0x0000000000F88000-memory.dmp

      Filesize

      32KB

      Download

    • memory/2808-8260-0x000007FEF52D0000-0x000007FEF5C6D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2808-8271-0x0000000001760000-0x00000000017E0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2808-8202-0x0000000001760000-0x00000000017E0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2808-8141-0x0000000001760000-0x00000000017E0000-memory.dmp

      Filesize

      512KB

      Download

    • memory/2808-10219-0x000007FEF52D0000-0x000007FEF5C6D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2808-10487-0x000007FEF52D0000-0x000007FEF5C6D000-memory.dmp

      Filesize

      9.6MB

      Download

    • memory/2808-8138-0x0000000019EB0000-0x000000001A192000-memory.dmp

      Filesize

      2.9MB

      Download

    • memory/2808-8139-0x000007FEF52D0000-0x000007FEF5C6D000-memory.dmp

      Filesize

      9.6MB

      Download