zgrat | 81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
12/03/2024, 02:51

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
Size

3.6MB
MD5

0bf1924b9798aca8209bd09c8b9bfa91
SHA1

73822b5c501c392c71ab5433ac7a4aa0621705f9
SHA256

81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878
SHA512

cecdc8b1bf30d84a79ad85517e7007f8cb27e60524e295a58a862408d176ec0050dd7f6ed04b761208451c0f834c2f8644d542572c2268d4afd70f184d36d3a5
SSDEEP

49152:9vCcUyqT2muamcOcQFCLao+7oZO106h4YL6YmKl/DwiQx8kVBfsiZPJNtW9:9qaqTj5mcOcQF6aBl3nSyiy9

Score

10^/10

zgrat rat

Malware Config

Signatures

Detect ZGRat V1 4 IoCs

resource	yara_rule
behavioral2/memory/2796-0-0x0000000000EC0000-0x0000000001264000-memory.dmp	family_zgrat_v1
behavioral2/files/0x0007000000023222-93.dat	family_zgrat_v1
behavioral2/files/0x000a00000002311e-105.dat	family_zgrat_v1
behavioral2/files/0x000a00000002311e-106.dat	family_zgrat_v1

ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Detects executables packed with unregistered version of .NET Reactor 4 IoCs

resource	yara_rule
behavioral2/memory/2796-0-0x0000000000EC0000-0x0000000001264000-memory.dmp	INDICATOR_EXE_Packed_DotNetReactor
behavioral2/files/0x0007000000023222-93.dat	INDICATOR_EXE_Packed_DotNetReactor
behavioral2/files/0x000a00000002311e-105.dat	INDICATOR_EXE_Packed_DotNetReactor
behavioral2/files/0x000a00000002311e-106.dat	INDICATOR_EXE_Packed_DotNetReactor

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000\Control Panel\International\Geo\Nation	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Executes dropped EXE 1 IoCs

pid	Process
3692	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files\Windows NT\Accessories\en-US\sppsvc.exe	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
File created	C:\Program Files\Windows NT\Accessories\en-US\0a1fd5f707cd16	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Drops file in Windows directory 4 IoCs

description	ioc	Process
File created	C:\Windows\Cursors\wininit.exe	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
File created	C:\Windows\Cursors\56085415360792	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
File created	C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\Assets\unsecapp.exe	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
File created	C:\Windows\SystemApps\NcsiUwpApp_8wekyb3d8bbwe\Assets\29c1c3cc0f7685	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-399997616-3400990511-967324271-1000_Classes\Local Settings	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery

T1018

pid	Process
1664	PING.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
Token: SeDebugPrivilege	3692	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3692	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Suspicious use of WriteProcessMemory 8 IoCs

description	pid	Process	procid_target
PID 2796 wrote to memory of 4404	2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe	90
PID 2796 wrote to memory of 4404	2796	81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe	90
PID 4404 wrote to memory of 3244	4404	cmd.exe	92
PID 4404 wrote to memory of 3244	4404	cmd.exe	92
PID 4404 wrote to memory of 1664	4404	cmd.exe	93
PID 4404 wrote to memory of 1664	4404	cmd.exe	93
PID 4404 wrote to memory of 3692	4404	cmd.exe	101
PID 4404 wrote to memory of 3692	4404	cmd.exe	101

C:\Users\Admin\AppData\Local\Temp\81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
"C:\Users\Admin\AppData\Local\Temp\81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe"
1⤵
- Checks computer location settings
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2796
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\AppData\Local\Temp\Jd68TKcwJQ.bat"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4404
- - C:\Windows\system32\chcp.com
    chcp 65001
    3⤵
    PID:3244
- - C:\Windows\system32\PING.EXE
    ping -n 10 localhost
    3⤵
    - Runs ping.exe
    PID:1664
- - C:\odt\81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe
    "C:\odt\81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3692

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Windows NT\Accessories\en-US\sppsvc.exe

Filesize
3.6MB

MD5
0bf1924b9798aca8209bd09c8b9bfa91

SHA1
73822b5c501c392c71ab5433ac7a4aa0621705f9

SHA256
81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878

SHA512
cecdc8b1bf30d84a79ad85517e7007f8cb27e60524e295a58a862408d176ec0050dd7f6ed04b761208451c0f834c2f8644d542572c2268d4afd70f184d36d3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe.log

Filesize
1KB

MD5
98d93f7a2239452aef29ed995c71b759

SHA1
d1fc6bff08e49cb16a1e5d0b0348232282cf5677

SHA256
399712789c6f2c7bd1b7afdf835eb2ac525632424daf08e751186195ebdbba52

SHA512
1073e74c9f065aa02be1bfb172308c555c0ad0c5ff35315d76de23d2c6daf1d3fe0b32042a428431847d09b679f14cb129c058af3277e9ed16787d37ae276d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\Jd68TKcwJQ.bat

Filesize
203B

MD5
e0cf73c57d1c6ec55aac9fdf575bf09a

SHA1
9d4f475a2e48cb3040939ef10f38b526f98879f6

SHA256
e75f867125a8825e818f4e2f645689c0cd26603093d828e26bc85bb3e67a7671

SHA512
733830a9d78a7349daf0db828f54a7aeb08b2e7ec7eabb4c6831e48053bd92c9ccb626319faa9bcac28beb0b4558bbb6be81321b4e827031c1413ac9dc9b9b56

Download Submit
C:\odt\81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Filesize
2.0MB

MD5
fc93634d05b9862f115d1da18ca134d9

SHA1
8273cb6de920bc7fe3093502535da55cec11476b

SHA256
886b65db0393e56d8e57a411f3678e89eb58c39c10aa8d4e11d68effa65e1da4

SHA512
e97229637cdc3df386ecd4248a1355a603619fe58dcfa7b27472dac3a1d5a14f20e6d4e23f7cf90838b14581a44b53498d555dcc190f074a61645e8c6d3508ce

Download Submit
C:\odt\81b6bfa7d970e0c7305eac8aeddbb465ec88b5c1546fa461a562cdfcc50dc878.exe

Filesize
1.9MB

MD5
cb380d494a553331a1648e12be216367

SHA1
9ff71371fb069de303bcdcd3dbc738aeb35f42d6

SHA256
0f03724b2b228af934ff1d00c9e8e14fd227fcdfa99741d6c05125fbe2180d82

SHA512
8ccfcbf7fdbf43eecd7d2ed6a8d7ccf509aa9fc4a6b15a843a18c8beb2764ff02195447ca0e4774ec3226754917c053dedc6727d8936bed998e911d5ed2b29f8

Download Submit
memory/2796-40-0x00007FFBE8B60000-0x00007FFBE8B61000-memory.dmp

Filesize
4KB

Download
memory/2796-47-0x00007FFBE8B40000-0x00007FFBE8B41000-memory.dmp

Filesize
4KB

Download
memory/2796-43-0x00007FFBE93D0000-0x00007FFBE948E000-memory.dmp

Filesize
760KB

Download
memory/2796-3-0x00000000019F0000-0x00000000019F1000-memory.dmp

Filesize
4KB

Download
memory/2796-6-0x0000000003480000-0x00000000034A6000-memory.dmp

Filesize
152KB

Download
memory/2796-4-0x000000001BFA0000-0x000000001BFB0000-memory.dmp

Filesize
64KB

Download
memory/2796-7-0x00007FFBE93D0000-0x00007FFBE948E000-memory.dmp

Filesize
760KB

Download
memory/2796-8-0x00007FFBE9330000-0x00007FFBE9331000-memory.dmp

Filesize
4KB

Download
memory/2796-9-0x00007FFBE93D0000-0x00007FFBE948E000-memory.dmp

Filesize
760KB

Download
memory/2796-11-0x0000000001B80000-0x0000000001B8E000-memory.dmp

Filesize
56KB

Download
memory/2796-12-0x00007FFBE9320000-0x00007FFBE9321000-memory.dmp

Filesize
4KB

Download
memory/2796-15-0x0000000001BB0000-0x0000000001BCC000-memory.dmp

Filesize
112KB

Download
memory/2796-14-0x00007FFBE9310000-0x00007FFBE9311000-memory.dmp

Filesize
4KB

Download
memory/2796-16-0x000000001BF30000-0x000000001BF80000-memory.dmp

Filesize
320KB

Download
memory/2796-18-0x0000000001B90000-0x0000000001BA0000-memory.dmp

Filesize
64KB

Download
memory/2796-19-0x00007FFBE9300000-0x00007FFBE9301000-memory.dmp

Filesize
4KB

Download
memory/2796-21-0x0000000003630000-0x0000000003648000-memory.dmp

Filesize
96KB

Download
memory/2796-24-0x00007FFBCC4E0000-0x00007FFBCCFA1000-memory.dmp

Filesize
10.8MB

Download
memory/2796-23-0x0000000001BA0000-0x0000000001BB0000-memory.dmp

Filesize
64KB

Download
memory/2796-25-0x00007FFBE92F0000-0x00007FFBE92F1000-memory.dmp

Filesize
4KB

Download
memory/2796-26-0x00007FFBE92E0000-0x00007FFBE92E1000-memory.dmp

Filesize
4KB

Download
memory/2796-29-0x0000000003610000-0x0000000003620000-memory.dmp

Filesize
64KB

Download
memory/2796-27-0x000000001BFA0000-0x000000001BFB0000-memory.dmp

Filesize
64KB

Download
memory/2796-30-0x00007FFBE92D0000-0x00007FFBE92D1000-memory.dmp

Filesize
4KB

Download
memory/2796-32-0x0000000003620000-0x000000000362E000-memory.dmp

Filesize
56KB

Download
memory/2796-33-0x00007FFBE92C0000-0x00007FFBE92C1000-memory.dmp

Filesize
4KB

Download
memory/2796-35-0x0000000003650000-0x000000000365E000-memory.dmp

Filesize
56KB

Download
memory/2796-36-0x00007FFBE92B0000-0x00007FFBE92B1000-memory.dmp

Filesize
4KB

Download
memory/2796-37-0x000000001BFA0000-0x000000001BFB0000-memory.dmp

Filesize
64KB

Download
memory/2796-0-0x0000000000EC0000-0x0000000001264000-memory.dmp

Filesize
3.6MB

Download
memory/2796-39-0x000000001D260000-0x000000001D272000-memory.dmp

Filesize
72KB

Download
memory/2796-42-0x000000001BF80000-0x000000001BF90000-memory.dmp

Filesize
64KB

Download
memory/2796-2-0x000000001BFA0000-0x000000001BFB0000-memory.dmp

Filesize
64KB

Download
memory/2796-1-0x00007FFBCC4E0000-0x00007FFBCCFA1000-memory.dmp

Filesize
10.8MB

Download
memory/2796-56-0x000000001D280000-0x000000001D28C000-memory.dmp

Filesize
48KB

Download
memory/2796-46-0x000000001D2A0000-0x000000001D2B6000-memory.dmp

Filesize
88KB

Download
memory/2796-48-0x00007FFBE8B30000-0x00007FFBE8B31000-memory.dmp

Filesize
4KB

Download
memory/2796-50-0x000000001D2C0000-0x000000001D2D2000-memory.dmp

Filesize
72KB

Download
memory/2796-51-0x000000001D810000-0x000000001DD38000-memory.dmp

Filesize
5.2MB

Download
memory/2796-53-0x000000001BF90000-0x000000001BF9E000-memory.dmp

Filesize
56KB

Download
memory/2796-54-0x00007FFBE8B20000-0x00007FFBE8B21000-memory.dmp

Filesize
4KB

Download
memory/2796-44-0x00007FFBE8B50000-0x00007FFBE8B51000-memory.dmp

Filesize
4KB

Download
memory/2796-57-0x00007FFBE8B10000-0x00007FFBE8B11000-memory.dmp

Filesize
4KB

Download
memory/2796-58-0x00007FFBE8B00000-0x00007FFBE8B01000-memory.dmp

Filesize
4KB

Download
memory/2796-60-0x000000001D290000-0x000000001D2A0000-memory.dmp

Filesize
64KB

Download
memory/2796-62-0x000000001D2E0000-0x000000001D2F0000-memory.dmp

Filesize
64KB

Download
memory/2796-63-0x00007FFBE8AF0000-0x00007FFBE8AF1000-memory.dmp

Filesize
4KB

Download
memory/2796-66-0x00007FFBE8AE0000-0x00007FFBE8AE1000-memory.dmp

Filesize
4KB

Download
memory/2796-65-0x000000001D350000-0x000000001D3AA000-memory.dmp

Filesize
360KB

Download
memory/2796-68-0x000000001D2F0000-0x000000001D2FE000-memory.dmp

Filesize
56KB

Download
memory/2796-69-0x00007FFBE8AD0000-0x00007FFBE8AD1000-memory.dmp

Filesize
4KB

Download
memory/2796-71-0x000000001D300000-0x000000001D310000-memory.dmp

Filesize
64KB

Download
memory/2796-72-0x00007FFBE8AC0000-0x00007FFBE8AC1000-memory.dmp

Filesize
4KB

Download
memory/2796-74-0x000000001D310000-0x000000001D31E000-memory.dmp

Filesize
56KB

Download
memory/2796-75-0x00007FFBE8AB0000-0x00007FFBE8AB1000-memory.dmp

Filesize
4KB

Download
memory/2796-76-0x00007FFBE8AA0000-0x00007FFBE8AA1000-memory.dmp

Filesize
4KB

Download
memory/2796-78-0x000000001D3B0000-0x000000001D3C8000-memory.dmp

Filesize
96KB

Download
memory/2796-80-0x000000001D320000-0x000000001D32C000-memory.dmp

Filesize
48KB

Download
memory/2796-81-0x00007FFBE8A90000-0x00007FFBE8A91000-memory.dmp

Filesize
4KB

Download
memory/2796-82-0x00007FFBE8A80000-0x00007FFBE8A81000-memory.dmp

Filesize
4KB

Download
memory/2796-84-0x000000001D420000-0x000000001D46E000-memory.dmp

Filesize
312KB

Download
memory/2796-100-0x000000001DE40000-0x000000001DEE9000-memory.dmp

Filesize
676KB

Download
memory/2796-101-0x00007FFBE93D0000-0x00007FFBE948E000-memory.dmp

Filesize
760KB

Download
memory/2796-103-0x00007FFBCC4E0000-0x00007FFBCCFA1000-memory.dmp

Filesize
10.8MB

Download
memory/3692-108-0x00007FFBCBE20000-0x00007FFBCC8E1000-memory.dmp

Filesize
10.8MB

Download
memory/3692-167-0x000000001D750000-0x000000001D7F9000-memory.dmp

Filesize
676KB

Download