strrat | 6c0658315b96ee5b7c95c60279714f9c95017fb22f451c5a73af91583889f1c1

Analysis

max time kernel
148s
max time network
151s
platform
windows7_x64
resource
win7-en-20210920
submitted
15-10-2021 12:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PAYMENT SLIP 2.jar
Size

184KB
MD5

6f8a0a71fa4e9b4f871bd262dda7c0c1
SHA1

8ae0166ac5d5a98cd379fd124829a5877d16e770
SHA256

6c0658315b96ee5b7c95c60279714f9c95017fb22f451c5a73af91583889f1c1
SHA512

1b5e806fcdbc5abca5f16fc1974125b38bb41b2800a4bd981ea4c08dab6f9b3e391b04f2e581672de3e756a1fa8f08fe297376bf687fc8ebd11693f75bd4fbdc

Score

10^/10

strrat persistence stealer trojan

Malware Config

Signatures

STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
trojan stealer strrat
Drops startup file 1 IoCs

Processes:

java.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PAYMENT SLIP 2.jar java.exe
Loads dropped DLL 2 IoCs

Processes:

java.exejava.exe

pid process

1868 java.exe
1748 java.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PAYMENT SLIP 2.jar	java.exe

pid	process
1868	java.exe
1748	java.exe

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

java.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-3456797065-1076791440-4146276586-1000\Software\Microsoft\Windows\CurrentVersion\Run\PAYMENT SLIP 2 = "\"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\PAYMENT SLIP 2.jar\""	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PAYMENT SLIP 2 = "\"C:\\Program Files\\Java\\jre7\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\PAYMENT SLIP 2.jar\""	java.exe

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

11 ip-api.com
Drops file in Program Files directory 1 IoCs

Processes:

java.exe

description ioc process

File created C:\Program Files\Java\jre7\PAYMENT SLIP 2.jar java.exe
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task
T1053

Processes:

schtasks.exe

pid process

1068 schtasks.exe

flow	ioc
11	ip-api.com

description	ioc	process
File created	C:\Program Files\Java\jre7\PAYMENT SLIP 2.jar	java.exe

pid	process
1068	schtasks.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

WMIC.exeWMIC.exe

description	pid	process
Token: SeIncreaseQuotaPrivilege	2028	WMIC.exe
Token: SeSecurityPrivilege	2028	WMIC.exe
Token: SeTakeOwnershipPrivilege	2028	WMIC.exe
Token: SeLoadDriverPrivilege	2028	WMIC.exe
Token: SeSystemProfilePrivilege	2028	WMIC.exe
Token: SeSystemtimePrivilege	2028	WMIC.exe
Token: SeProfSingleProcessPrivilege	2028	WMIC.exe
Token: SeIncBasePriorityPrivilege	2028	WMIC.exe
Token: SeCreatePagefilePrivilege	2028	WMIC.exe
Token: SeBackupPrivilege	2028	WMIC.exe
Token: SeRestorePrivilege	2028	WMIC.exe
Token: SeShutdownPrivilege	2028	WMIC.exe
Token: SeDebugPrivilege	2028	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2028	WMIC.exe
Token: SeRemoteShutdownPrivilege	2028	WMIC.exe
Token: SeUndockPrivilege	2028	WMIC.exe
Token: SeManageVolumePrivilege	2028	WMIC.exe
Token: 33	2028	WMIC.exe
Token: 34	2028	WMIC.exe
Token: 35	2028	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2028	WMIC.exe
Token: SeSecurityPrivilege	2028	WMIC.exe
Token: SeTakeOwnershipPrivilege	2028	WMIC.exe
Token: SeLoadDriverPrivilege	2028	WMIC.exe
Token: SeSystemProfilePrivilege	2028	WMIC.exe
Token: SeSystemtimePrivilege	2028	WMIC.exe
Token: SeProfSingleProcessPrivilege	2028	WMIC.exe
Token: SeIncBasePriorityPrivilege	2028	WMIC.exe
Token: SeCreatePagefilePrivilege	2028	WMIC.exe
Token: SeBackupPrivilege	2028	WMIC.exe
Token: SeRestorePrivilege	2028	WMIC.exe
Token: SeShutdownPrivilege	2028	WMIC.exe
Token: SeDebugPrivilege	2028	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2028	WMIC.exe
Token: SeRemoteShutdownPrivilege	2028	WMIC.exe
Token: SeUndockPrivilege	2028	WMIC.exe
Token: SeManageVolumePrivilege	2028	WMIC.exe
Token: 33	2028	WMIC.exe
Token: 34	2028	WMIC.exe
Token: 35	2028	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1624	WMIC.exe
Token: SeSecurityPrivilege	1624	WMIC.exe
Token: SeTakeOwnershipPrivilege	1624	WMIC.exe
Token: SeLoadDriverPrivilege	1624	WMIC.exe
Token: SeSystemProfilePrivilege	1624	WMIC.exe
Token: SeSystemtimePrivilege	1624	WMIC.exe
Token: SeProfSingleProcessPrivilege	1624	WMIC.exe
Token: SeIncBasePriorityPrivilege	1624	WMIC.exe
Token: SeCreatePagefilePrivilege	1624	WMIC.exe
Token: SeBackupPrivilege	1624	WMIC.exe
Token: SeRestorePrivilege	1624	WMIC.exe
Token: SeShutdownPrivilege	1624	WMIC.exe
Token: SeDebugPrivilege	1624	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1624	WMIC.exe
Token: SeRemoteShutdownPrivilege	1624	WMIC.exe
Token: SeUndockPrivilege	1624	WMIC.exe
Token: SeManageVolumePrivilege	1624	WMIC.exe
Token: 33	1624	WMIC.exe
Token: 34	1624	WMIC.exe
Token: 35	1624	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1624	WMIC.exe
Token: SeSecurityPrivilege	1624	WMIC.exe
Token: SeTakeOwnershipPrivilege	1624	WMIC.exe
Token: SeLoadDriverPrivilege	1624	WMIC.exe

Suspicious use of WriteProcessMemory 36 IoCs

Processes:

java.exejava.exejava.execmd.exejava.execmd.execmd.execmd.exe

description	pid	process	target process
PID 1504 wrote to memory of 1824	1504	java.exe	java.exe
PID 1504 wrote to memory of 1824	1504	java.exe	java.exe
PID 1504 wrote to memory of 1824	1504	java.exe	java.exe
PID 1824 wrote to memory of 1868	1824	java.exe	java.exe
PID 1824 wrote to memory of 1868	1824	java.exe	java.exe
PID 1824 wrote to memory of 1868	1824	java.exe	java.exe
PID 1868 wrote to memory of 1676	1868	java.exe	cmd.exe
PID 1868 wrote to memory of 1676	1868	java.exe	cmd.exe
PID 1868 wrote to memory of 1676	1868	java.exe	cmd.exe
PID 1868 wrote to memory of 1748	1868	java.exe	java.exe
PID 1868 wrote to memory of 1748	1868	java.exe	java.exe
PID 1868 wrote to memory of 1748	1868	java.exe	java.exe
PID 1676 wrote to memory of 1068	1676	cmd.exe	schtasks.exe
PID 1676 wrote to memory of 1068	1676	cmd.exe	schtasks.exe
PID 1676 wrote to memory of 1068	1676	cmd.exe	schtasks.exe
PID 1748 wrote to memory of 1472	1748	java.exe	cmd.exe
PID 1748 wrote to memory of 1472	1748	java.exe	cmd.exe
PID 1748 wrote to memory of 1472	1748	java.exe	cmd.exe
PID 1748 wrote to memory of 512	1748	java.exe	cmd.exe
PID 1748 wrote to memory of 512	1748	java.exe	cmd.exe
PID 1748 wrote to memory of 512	1748	java.exe	cmd.exe
PID 512 wrote to memory of 1624	512	cmd.exe	WMIC.exe
PID 512 wrote to memory of 1624	512	cmd.exe	WMIC.exe
PID 512 wrote to memory of 1624	512	cmd.exe	WMIC.exe
PID 1748 wrote to memory of 1528	1748	java.exe	cmd.exe
PID 1748 wrote to memory of 1528	1748	java.exe	cmd.exe
PID 1748 wrote to memory of 1528	1748	java.exe	cmd.exe
PID 1528 wrote to memory of 820	1528	cmd.exe	WMIC.exe
PID 1528 wrote to memory of 820	1528	cmd.exe	WMIC.exe
PID 1528 wrote to memory of 820	1528	cmd.exe	WMIC.exe
PID 1748 wrote to memory of 1388	1748	java.exe	cmd.exe
PID 1748 wrote to memory of 1388	1748	java.exe	cmd.exe
PID 1748 wrote to memory of 1388	1748	java.exe	cmd.exe
PID 1388 wrote to memory of 556	1388	cmd.exe	WMIC.exe
PID 1388 wrote to memory of 556	1388	cmd.exe	WMIC.exe
PID 1388 wrote to memory of 556	1388	cmd.exe	WMIC.exe

C:\Windows\system32\java.exe
java -jar "C:\Users\Admin\AppData\Local\Temp\PAYMENT SLIP 2.jar"
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:1504

C:\Program Files\Java\jre7\bin\java.exe
"C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Program Files\Java\jre7\PAYMENT SLIP 2.jar"
2⤵
- Suspicious use of WriteProcessMemory
PID:1824

C:\Program Files\Java\jre7\bin\java.exe
"C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Users\Admin\PAYMENT SLIP 2.jar"
3⤵
- Drops startup file
- Loads dropped DLL
- Adds Run key to start application
- Suspicious use of WriteProcessMemory
PID:1868

C:\Program Files\Java\jre7\bin\java.exe
"C:\Program Files\Java\jre7\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\PAYMENT SLIP 2.jar"
4⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1748

C:\Windows\system32\cmd.exe
cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_logicaldisk get volumeserialnumber /format:list"
5⤵
PID:1472

C:\Windows\System32\Wbem\WMIC.exe
wmic /node:. /namespace:'\\root\cimv2' path win32_logicaldisk get volumeserialnumber /format:list
6⤵
- Suspicious use of AdjustPrivilegeToken
PID:2028

C:\Windows\system32\cmd.exe
cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get caption,OSArchitecture /format:list"
5⤵
- Suspicious use of WriteProcessMemory
PID:512

C:\Windows\System32\Wbem\WMIC.exe
wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get caption,OSArchitecture /format:list
6⤵
- Suspicious use of AdjustPrivilegeToken
PID:1624

C:\Windows\system32\cmd.exe
cmd.exe /c "wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get version /format:list"
5⤵
- Suspicious use of WriteProcessMemory
PID:1528

C:\Windows\System32\Wbem\WMIC.exe
wmic /node:. /namespace:'\\root\cimv2' path win32_operatingsystem get version /format:list
6⤵
PID:820

C:\Windows\system32\cmd.exe
cmd.exe /c "wmic /node:localhost /namespace:'\\root\securitycenter' path antivirusproduct get displayname /format:list"
5⤵
- Suspicious use of WriteProcessMemory
PID:1388

C:\Windows\System32\Wbem\WMIC.exe
wmic /node:localhost /namespace:'\\root\securitycenter' path antivirusproduct get displayname /format:list
6⤵
PID:556

C:\Windows\system32\cmd.exe
cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\PAYMENT SLIP 2.jar"
4⤵
- Suspicious use of WriteProcessMemory
PID:1676

C:\Windows\system32\schtasks.exe
schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\PAYMENT SLIP 2.jar"
1⤵
- Creates scheduled task(s)
PID:1068

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

T1053

Persistence

Registry Run Keys / Startup Folder

T1060

Scheduled Task

T1053

Privilege Escalation

Scheduled Task

T1053

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre7\PAYMENT SLIP 2.jar
MD5
6f8a0a71fa4e9b4f871bd262dda7c0c1

SHA1
8ae0166ac5d5a98cd379fd124829a5877d16e770

SHA256
6c0658315b96ee5b7c95c60279714f9c95017fb22f451c5a73af91583889f1c1

SHA512
1b5e806fcdbc5abca5f16fc1974125b38bb41b2800a4bd981ea4c08dab6f9b3e391b04f2e581672de3e756a1fa8f08fe297376bf687fc8ebd11693f75bd4fbdc

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna8294246512392381824.dll
MD5
e02979ecd43bcc9061eb2b494ab5af50

SHA1
3122ac0e751660f646c73b10c4f79685aa65c545

SHA256
a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a

SHA512
1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-3456797065-1076791440-4146276586-1000\83aa4cc77f591dfc2374580bbd95f6ba_9904da6a-19c3-4a6e-a0a9-89cb601578fd
MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\AppData\Roaming\PAYMENT SLIP 2.jar
MD5
6f8a0a71fa4e9b4f871bd262dda7c0c1

SHA1
8ae0166ac5d5a98cd379fd124829a5877d16e770

SHA256
6c0658315b96ee5b7c95c60279714f9c95017fb22f451c5a73af91583889f1c1

SHA512
1b5e806fcdbc5abca5f16fc1974125b38bb41b2800a4bd981ea4c08dab6f9b3e391b04f2e581672de3e756a1fa8f08fe297376bf687fc8ebd11693f75bd4fbdc

Download Submit
C:\Users\Admin\AppData\Roaming\lib\jna-5.5.0.jar
MD5
acfb5b5fd9ee10bf69497792fd469f85

SHA1
0e0845217c4907822403912ad6828d8e0b256208

SHA256
b308faebfe4ed409de8410e0a632d164b2126b035f6eacff968d3908cafb4d9e

SHA512
e52575f58a195ceb3bd16b9740eadf5bc5b1d4d63c0734e8e5fd1d1776aa2d068d2e4c7173b83803f95f72c0a6759ae1c9b65773c734250d4cfcdf47a19f82aa

Download Submit
C:\Users\Admin\AppData\Roaming\lib\jna-platform-5.5.0.jar
MD5
2f4a99c2758e72ee2b59a73586a2322f

SHA1
af38e7c4d0fc73c23ecd785443705bfdee5b90bf

SHA256
24d81621f82ac29fcdd9a74116031f5907a2343158e616f4573bbfa2434ae0d5

SHA512
b860459a0d3bf7ccb600a03aa1d2ac0358619ee89b2b96ed723541e182b6fdab53aefef7992acb4e03fca67aa47cbe3907b1e6060a60b57ed96c4e00c35c7494

Download Submit
C:\Users\Admin\AppData\Roaming\lib\sqlite-jdbc-3.14.2.1.jar
MD5
b33387e15ab150a7bf560abdc73c3bec

SHA1
66b8075784131f578ef893fd7674273f709b9a4c

SHA256
2eae3dea1c3dde6104c49f9601074b6038ff6abcf3be23f4b56f6720a4f6a491

SHA512
25cfb0d6ce35d0bcb18527d3aa12c63ecb2d9c1b8b78805d1306e516c13480b79bb0d74730aa93bd1752f9ac2da9fdd51781c48844cea2fd52a06c62852c8279

Download Submit
C:\Users\Admin\AppData\Roaming\lib\system-hook-3.5.jar
MD5
e1aa38a1e78a76a6de73efae136cdb3a

SHA1
c463da71871f780b2e2e5dba115d43953b537daf

SHA256
2ddda8af6faef8bde46acf43ec546603180bcf8dcb2e5591fff8ac9cd30b5609

SHA512
fee16fe9364926ec337e52f551fd62ed81984808a847de2fd68ff29b6c5da0dcc04ef6d8977f0fe675662a7d2ea1065cdcdd2a5259446226a7c7c5516bd7d60d

Download Submit
C:\Users\Admin\PAYMENT SLIP 2.jar
MD5
6f8a0a71fa4e9b4f871bd262dda7c0c1

SHA1
8ae0166ac5d5a98cd379fd124829a5877d16e770

SHA256
6c0658315b96ee5b7c95c60279714f9c95017fb22f451c5a73af91583889f1c1

SHA512
1b5e806fcdbc5abca5f16fc1974125b38bb41b2800a4bd981ea4c08dab6f9b3e391b04f2e581672de3e756a1fa8f08fe297376bf687fc8ebd11693f75bd4fbdc

Download Submit
C:\Users\Admin\lib\jna-5.5.0.jar
MD5
acfb5b5fd9ee10bf69497792fd469f85

SHA1
0e0845217c4907822403912ad6828d8e0b256208

SHA256
b308faebfe4ed409de8410e0a632d164b2126b035f6eacff968d3908cafb4d9e

SHA512
e52575f58a195ceb3bd16b9740eadf5bc5b1d4d63c0734e8e5fd1d1776aa2d068d2e4c7173b83803f95f72c0a6759ae1c9b65773c734250d4cfcdf47a19f82aa

Download Submit
C:\Users\Admin\lib\jna-platform-5.5.0.jar
MD5
2f4a99c2758e72ee2b59a73586a2322f

SHA1
af38e7c4d0fc73c23ecd785443705bfdee5b90bf

SHA256
24d81621f82ac29fcdd9a74116031f5907a2343158e616f4573bbfa2434ae0d5

SHA512
b860459a0d3bf7ccb600a03aa1d2ac0358619ee89b2b96ed723541e182b6fdab53aefef7992acb4e03fca67aa47cbe3907b1e6060a60b57ed96c4e00c35c7494

Download Submit
C:\Users\Admin\lib\sqlite-jdbc-3.14.2.1.jar
MD5
b33387e15ab150a7bf560abdc73c3bec

SHA1
66b8075784131f578ef893fd7674273f709b9a4c

SHA256
2eae3dea1c3dde6104c49f9601074b6038ff6abcf3be23f4b56f6720a4f6a491

SHA512
25cfb0d6ce35d0bcb18527d3aa12c63ecb2d9c1b8b78805d1306e516c13480b79bb0d74730aa93bd1752f9ac2da9fdd51781c48844cea2fd52a06c62852c8279

Download Submit
C:\Users\Admin\lib\system-hook-3.5.jar
MD5
e1aa38a1e78a76a6de73efae136cdb3a

SHA1
c463da71871f780b2e2e5dba115d43953b537daf

SHA256
2ddda8af6faef8bde46acf43ec546603180bcf8dcb2e5591fff8ac9cd30b5609

SHA512
fee16fe9364926ec337e52f551fd62ed81984808a847de2fd68ff29b6c5da0dcc04ef6d8977f0fe675662a7d2ea1065cdcdd2a5259446226a7c7c5516bd7d60d

Download Submit
\Users\Admin\AppData\Local\Temp\jna-63116079\jna7341921947587976436.dll
MD5
e02979ecd43bcc9061eb2b494ab5af50

SHA1
3122ac0e751660f646c73b10c4f79685aa65c545

SHA256
a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a

SHA512
1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372

Download Submit
\Users\Admin\AppData\Local\Temp\jna-63116079\jna8294246512392381824.dll
MD5
e02979ecd43bcc9061eb2b494ab5af50

SHA1
3122ac0e751660f646c73b10c4f79685aa65c545

SHA256
a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a

SHA512
1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372

Download Submit
memory/512-102-0x0000000000000000-mapping.dmp

Download
memory/556-107-0x0000000000000000-mapping.dmp

Download
memory/820-105-0x0000000000000000-mapping.dmp

Download
memory/1068-90-0x0000000000000000-mapping.dmp

Download
memory/1388-106-0x0000000000000000-mapping.dmp

Download
memory/1472-101-0x0000000000000000-mapping.dmp

Download
memory/1504-59-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1504-53-0x000007FEFB8B1000-0x000007FEFB8B3000-memory.dmp

Filesize
8KB

Download
memory/1504-56-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1504-57-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1504-60-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1504-61-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1504-62-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1504-63-0x00000000001B0000-0x00000000001B1000-memory.dmp

Filesize
4KB

Download
memory/1504-55-0x0000000002200000-0x0000000002470000-memory.dmp

Filesize
2.4MB

Download
memory/1504-54-0x0000000002200000-0x0000000002470000-memory.dmp

Filesize
2.4MB

Download
memory/1528-104-0x0000000000000000-mapping.dmp

Download
memory/1624-103-0x0000000000000000-mapping.dmp

Download
memory/1676-86-0x0000000000000000-mapping.dmp

Download
memory/1748-94-0x0000000000420000-0x0000000000421000-memory.dmp

Filesize
4KB

Download
memory/1748-93-0x00000000022B0000-0x0000000002520000-memory.dmp

Filesize
2.4MB

Download
memory/1748-108-0x0000000000420000-0x0000000000421000-memory.dmp

Filesize
4KB

Download
memory/1748-87-0x0000000000000000-mapping.dmp

Download
memory/1824-73-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1824-66-0x0000000000000000-mapping.dmp

Download
memory/1824-76-0x0000000002320000-0x0000000002590000-memory.dmp

Filesize
2.4MB

Download
memory/1824-71-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1868-88-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1868-82-0x0000000001FF0000-0x0000000002260000-memory.dmp

Filesize
2.4MB

Download
memory/1868-78-0x0000000000120000-0x0000000000121000-memory.dmp

Filesize
4KB

Download
memory/1868-72-0x0000000000000000-mapping.dmp

Download