ratty | 37c49983dfd813e67d898b4088ea29e2146674aeba37059944db194a004dc2af

Analysis

max time kernel
50s
max time network
53s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-10-2024 02:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1.jar
Size

1.1MB
MD5

a5483a74a3cbf726d2ebf659247ec9c7
SHA1

a9b28e22845934adff30ad44b293d714230344ea
SHA256

37c49983dfd813e67d898b4088ea29e2146674aeba37059944db194a004dc2af
SHA512

a651326628acade8adebeeec9c974d087f22cb8d868c98432c8f967ab4180c6beb7186c7b0b31e6428240017f360270d6ce90f31953c8fafe5dc4e5e0ecc9ad7
SSDEEP

24576:dzhTX3kLlzYc4lMTboiqSr9xZXfRCUOutEUKIzWG:dzSLlUpSbYIn/Cl8zWG

Score

10^/10

ratty persistence rat trojan

Malware Config

Signatures

Ratty
Ratty is an open source Java Remote Access Tool.
trojan rat ratty

Ratty Rat payload 1 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\1.jar	family_ratty

Drops startup file 1 IoCs

Processes:

java.exe

description ioc process

File created C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.jar java.exe
Loads dropped DLL 1 IoCs

Processes:

java.exe

pid process

3592 java.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.jar	java.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

REG.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1.jar = "C:\\Users\\Admin\\AppData\\Roaming\\1.jar"	REG.exe

Modifies registry class 4 IoCs

Processes:

java.exeOpenWith.exeOpenWith.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	java.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	OpenWith.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

REG.exe

pid process

1252 REG.exe

pid	process
1252	REG.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

java.exe

pid	process
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe
3592	java.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

java.exe

description	pid	process	target process
PID 3592 wrote to memory of 1252	3592	java.exe	REG.exe
PID 3592 wrote to memory of 1252	3592	java.exe	REG.exe
PID 3592 wrote to memory of 620	3592	java.exe	attrib.exe
PID 3592 wrote to memory of 620	3592	java.exe	attrib.exe
PID 3592 wrote to memory of 3684	3592	java.exe	attrib.exe
PID 3592 wrote to memory of 3684	3592	java.exe	attrib.exe

Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

620 attrib.exe
3684 attrib.exe

pid	process
620	attrib.exe
3684	attrib.exe

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\1.jar
1⤵
- Drops startup file
- Loads dropped DLL
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3592
- C:\Windows\SYSTEM32\REG.exe
  REG ADD HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v "1.jar" /d "C:\Users\Admin\AppData\Roaming\1.jar" /f
  2⤵
  - Adds Run key to start application
  - Modifies registry key
  PID:1252
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\1.jar
  2⤵
  - Views/modifies file attributes
  PID:620
- C:\Windows\SYSTEM32\attrib.exe
  attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1.jar
  2⤵
  - Views/modifies file attributes
  PID:3684

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:4936

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:4904

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Modify Registry

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\JNativeHook-7432773EB4D09DC286D43FCC77DDB0E1E3BCE2B4.dll

Filesize
83KB

MD5
55f4de7f270663b3dc712b8c9eed422a

SHA1
7432773eb4d09dc286d43fcc77ddb0e1e3bce2b4

SHA256
47c2871dff8948de40424df497962ea6167c56bd4d487dd2e660aa2837485e25

SHA512
9da5efb0236b3bb4ec72d07bfd70a9e3f373df95d97c825513babd43d2b91c8669e28f3464173e789dad092ea48fc8d32a9d11a6d5c8d9beeabd33860ce6a996

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio1352214807412902982.tmp

Filesize
5KB

MD5
759d757c7f5e7baf0a0afbbe2b665fa9

SHA1
bece81b8109595313e1a8f7c0fa0435fbd54a56c

SHA256
31df6ab770623bf7b2e7f9f17a64718bb8a66142f14349c9d988a9d3de20df13

SHA512
938a3f3f754c0a05eee6b70bc6d3adf6eb52a4591c17b984b0019fd842c45773a1c12e90909bf4d3bf2a4dff9e8baf3f8fa3129bd8c030fd10bda5d3afd8933b

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio2782079529945262873.tmp

Filesize
5KB

MD5
4d574d102c935c80eaffe68db43b05d7

SHA1
b43f44e10b8302bac1bdd90a2c6b8b0a84b8f4e5

SHA256
6ad76f7d99ac561d0707dc6746ddec5a584e1c1193fd62ecefa5c413a92bda27

SHA512
66540d8501b1253068720a03aeb384f2a928ad26617db2c82d607596d3eebf9e236291ac0e351308dc8f61fed2a898da75a0992a17240dce664d1441796d4434

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio2910068380488363216.tmp

Filesize
4KB

MD5
4cd9285d3ec27eef3794257652b8870a

SHA1
dc5fe005391167db7950072ae782314f2424a18c

SHA256
7a93d1077a8a37a534f4ea903cefec2c1b7dd545bd8b4f2ba2030376ff1d4b10

SHA512
364d3dff0e4bef220099a3682878d83093301c548ea5cdf25908ebfd20727a26b147c85b85dc02f29d8c483683335dcd761556fcaee00acc878a9eb76a2b732b

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio3199645825555846143.tmp

Filesize
1KB

MD5
2e03e5601739082aa7405d598955dd4c

SHA1
04b4a15c7aa19ce755b6acaefffcf12b34017070

SHA256
5430976fd16f0d0fb6b4657f5b85651661e8c353d00d9be36c90ac095818ea80

SHA512
4c33dd97ec5c5b5b11309a988cd8ee79f3c02d04e7609ad0405dff9ce166c803c05c3e343ccaca1c90ad3172c26238e00a542874574b92e7222e37880e44ff14

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio3910615842787304440.tmp

Filesize
4KB

MD5
bb3bfaadfbf190411704d1cc4c5af9a8

SHA1
42dc2828071d6a21022185ca854db6bc720d73b5

SHA256
47e63490a3de67dba355be6b8e270997d064a1cf55e2270f719ff6cd837715dd

SHA512
db816e3aba0eeaa9b48a7c8eb79423c887bb59b55e7110e4cabfe0c28e6c5b806d141b789bfad1bbf278eac636ac483f52f8e9ca9c9bbdfa6858e58c3de076ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio49271709296634972.tmp

Filesize
3KB

MD5
16ad7853ba57d1085c45ba66677ff88f

SHA1
0025152eb099de7ef3ab1bf34e62dad25d68b71f

SHA256
9521a5f7a24dabd1b1bf5a15b68c66445c2c9a6ace6c7dcef96b5b3fb17384c4

SHA512
b89f6c1052dad467103ad010641f0c25f20497d034d97c5cc75a389f291414b0e8a02d4cc491e4bbe8eb96ac085af679477c115660f9fbe5dc85de0c008a3486

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio5482958512502368045.tmp

Filesize
5KB

MD5
1b1213c464ba658fea9193452b35c7ea

SHA1
dc9e46786387d6a32b52586245dc3709eb52b93f

SHA256
d3106e34fc4c0df4c950fc3821bd97d52d73adcf46d91b849ef78345eabdbc84

SHA512
44f44ee50e90d3ea4fa56873c45e99234b04020089a49c4a8cf8599fed108bf6c17f4b8bcff100f99b1212b78f6d46a6ced80c434b27bc1f36df0634a1bf779d

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio6171375809956473731.tmp

Filesize
6KB

MD5
ef446412f3cea66f9d95ea39ec32ff89

SHA1
fe75d661dded7258bb57db846877ee30c45616d3

SHA256
68faab6f1b37316cf748cb69f663e1254885ba28a02b5303aebdf9030a380d73

SHA512
6e112b7bdd30efa2d04dbcc9667e0ac30da63196cd483b7949194ab2a79faf283e1a1bb19bb1b3793ec793c06b00881a1b0b5e492290b52220da39767d3683a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\imageio7580240197105683549.tmp

Filesize
6KB

MD5
5dad0d86c00519f127c9a288e14593ff

SHA1
9b9731bb3c95eb29de46eb8cf60ff4133999d2b8

SHA256
90cbf6e2067fd17833b71db0ac80566298f19aa85e31a56d33a2e2c4d5a20990

SHA512
73a0fb806cf8d8c56768e7a819b7a8057628f38e93e6eb9e0949f1c748d0968054e792622af4731f91bd3798b2361c5fe4cb3d3c84720e52183382dba7ad33f7

Download Submit
C:\Users\Admin\AppData\Roaming\1.jar

Filesize
1.1MB

MD5
a5483a74a3cbf726d2ebf659247ec9c7

SHA1
a9b28e22845934adff30ad44b293d714230344ea

SHA256
37c49983dfd813e67d898b4088ea29e2146674aeba37059944db194a004dc2af

SHA512
a651326628acade8adebeeec9c974d087f22cb8d868c98432c8f967ab4180c6beb7186c7b0b31e6428240017f360270d6ce90f31953c8fafe5dc4e5e0ecc9ad7

Download Submit
memory/3592-108-0x000001BE4E860000-0x000001BE4E870000-memory.dmp

Filesize
64KB

Download
memory/3592-193-0x000001BE4EA00000-0x000001BE4EA10000-memory.dmp

Filesize
64KB

Download
memory/3592-26-0x000001BE4E7B0000-0x000001BE4E7C0000-memory.dmp

Filesize
64KB

Download
memory/3592-118-0x000001BE4E930000-0x000001BE4E940000-memory.dmp

Filesize
64KB

Download
memory/3592-30-0x000001BE4E7C0000-0x000001BE4E7D0000-memory.dmp

Filesize
64KB

Download
memory/3592-29-0x000001BE4E4D0000-0x000001BE4E740000-memory.dmp

Filesize
2.4MB

Download
memory/3592-35-0x000001BE4E740000-0x000001BE4E750000-memory.dmp

Filesize
64KB

Download
memory/3592-34-0x000001BE4E7E0000-0x000001BE4E7F0000-memory.dmp

Filesize
64KB

Download
memory/3592-33-0x000001BE4E7D0000-0x000001BE4E7E0000-memory.dmp

Filesize
64KB

Download
memory/3592-38-0x000001BE4E750000-0x000001BE4E760000-memory.dmp

Filesize
64KB

Download
memory/3592-39-0x000001BE4E7F0000-0x000001BE4E800000-memory.dmp

Filesize
64KB

Download
memory/3592-48-0x000001BE4E780000-0x000001BE4E790000-memory.dmp

Filesize
64KB

Download
memory/3592-47-0x000001BE4E770000-0x000001BE4E780000-memory.dmp

Filesize
64KB

Download
memory/3592-46-0x000001BE4E820000-0x000001BE4E830000-memory.dmp

Filesize
64KB

Download
memory/3592-45-0x000001BE4E810000-0x000001BE4E820000-memory.dmp

Filesize
64KB

Download
memory/3592-44-0x000001BE4E800000-0x000001BE4E810000-memory.dmp

Filesize
64KB

Download
memory/3592-43-0x000001BE4E760000-0x000001BE4E770000-memory.dmp

Filesize
64KB

Download
memory/3592-50-0x000001BE4E830000-0x000001BE4E840000-memory.dmp

Filesize
64KB

Download
memory/3592-56-0x000001BE4E840000-0x000001BE4E850000-memory.dmp

Filesize
64KB

Download
memory/3592-55-0x000001BE4E790000-0x000001BE4E7A0000-memory.dmp

Filesize
64KB

Download
memory/3592-61-0x000001BE4E7A0000-0x000001BE4E7B0000-memory.dmp

Filesize
64KB

Download
memory/3592-62-0x000001BE4E850000-0x000001BE4E860000-memory.dmp

Filesize
64KB

Download
memory/3592-63-0x000001BE4CC00000-0x000001BE4CC01000-memory.dmp

Filesize
4KB

Download
memory/3592-65-0x000001BE4E7B0000-0x000001BE4E7C0000-memory.dmp

Filesize
64KB

Download
memory/3592-66-0x000001BE4E860000-0x000001BE4E870000-memory.dmp

Filesize
64KB

Download
memory/3592-76-0x000001BE4E870000-0x000001BE4E880000-memory.dmp

Filesize
64KB

Download
memory/3592-75-0x000001BE4E7C0000-0x000001BE4E7D0000-memory.dmp

Filesize
64KB

Download
memory/3592-81-0x000001BE4E880000-0x000001BE4E890000-memory.dmp

Filesize
64KB

Download
memory/3592-80-0x000001BE4E7E0000-0x000001BE4E7F0000-memory.dmp

Filesize
64KB

Download
memory/3592-79-0x000001BE4E7D0000-0x000001BE4E7E0000-memory.dmp

Filesize
64KB

Download
memory/3592-83-0x000001BE4E890000-0x000001BE4E8A0000-memory.dmp

Filesize
64KB

Download
memory/3592-86-0x000001BE4E8A0000-0x000001BE4E8B0000-memory.dmp

Filesize
64KB

Download
memory/3592-85-0x000001BE4E7F0000-0x000001BE4E800000-memory.dmp

Filesize
64KB

Download
memory/3592-90-0x000001BE4E8B0000-0x000001BE4E8C0000-memory.dmp

Filesize
64KB

Download
memory/3592-89-0x000001BE4E820000-0x000001BE4E830000-memory.dmp

Filesize
64KB

Download
memory/3592-88-0x000001BE4E810000-0x000001BE4E820000-memory.dmp

Filesize
64KB

Download
memory/3592-87-0x000001BE4E800000-0x000001BE4E810000-memory.dmp

Filesize
64KB

Download
memory/3592-93-0x000001BE4E8C0000-0x000001BE4E8D0000-memory.dmp

Filesize
64KB

Download
memory/3592-94-0x000001BE4CC00000-0x000001BE4CC01000-memory.dmp

Filesize
4KB

Download
memory/3592-95-0x000001BE4E830000-0x000001BE4E840000-memory.dmp

Filesize
64KB

Download
memory/3592-96-0x000001BE4E8D0000-0x000001BE4E8E0000-memory.dmp

Filesize
64KB

Download
memory/3592-98-0x000001BE4CC00000-0x000001BE4CC01000-memory.dmp

Filesize
4KB

Download
memory/3592-101-0x000001BE4E8E0000-0x000001BE4E8F0000-memory.dmp

Filesize
64KB

Download
memory/3592-100-0x000001BE4E840000-0x000001BE4E850000-memory.dmp

Filesize
64KB

Download
memory/3592-104-0x000001BE4E850000-0x000001BE4E860000-memory.dmp

Filesize
64KB

Download
memory/3592-105-0x000001BE4E8F0000-0x000001BE4E900000-memory.dmp

Filesize
64KB

Download
memory/3592-109-0x000001BE4E900000-0x000001BE4E910000-memory.dmp

Filesize
64KB

Download
memory/3592-23-0x000001BE4E790000-0x000001BE4E7A0000-memory.dmp

Filesize
64KB

Download
memory/3592-111-0x000001BE4E870000-0x000001BE4E880000-memory.dmp

Filesize
64KB

Download
memory/3592-112-0x000001BE4E910000-0x000001BE4E920000-memory.dmp

Filesize
64KB

Download
memory/3592-115-0x000001BE4E920000-0x000001BE4E930000-memory.dmp

Filesize
64KB

Download
memory/3592-114-0x000001BE4E880000-0x000001BE4E890000-memory.dmp

Filesize
64KB

Download
memory/3592-28-0x000001BE4CC00000-0x000001BE4CC01000-memory.dmp

Filesize
4KB

Download
memory/3592-19-0x000001BE4E770000-0x000001BE4E780000-memory.dmp

Filesize
64KB

Download
memory/3592-175-0x000001BE4E9F0000-0x000001BE4EA00000-memory.dmp

Filesize
64KB

Download
memory/3592-120-0x000001BE4E8A0000-0x000001BE4E8B0000-memory.dmp

Filesize
64KB

Download
memory/3592-124-0x000001BE4E950000-0x000001BE4E960000-memory.dmp

Filesize
64KB

Download
memory/3592-123-0x000001BE4E8B0000-0x000001BE4E8C0000-memory.dmp

Filesize
64KB

Download
memory/3592-128-0x000001BE4E8C0000-0x000001BE4E8D0000-memory.dmp

Filesize
64KB

Download
memory/3592-131-0x000001BE4CC00000-0x000001BE4CC01000-memory.dmp

Filesize
4KB

Download
memory/3592-129-0x000001BE4E960000-0x000001BE4E970000-memory.dmp

Filesize
64KB

Download
memory/3592-133-0x000001BE4E970000-0x000001BE4E980000-memory.dmp

Filesize
64KB

Download
memory/3592-132-0x000001BE4E8D0000-0x000001BE4E8E0000-memory.dmp

Filesize
64KB

Download
memory/3592-135-0x000001BE4E8E0000-0x000001BE4E8F0000-memory.dmp

Filesize
64KB

Download
memory/3592-136-0x000001BE4E980000-0x000001BE4E990000-memory.dmp

Filesize
64KB

Download
memory/3592-142-0x000001BE4E990000-0x000001BE4E9A0000-memory.dmp

Filesize
64KB

Download
memory/3592-141-0x000001BE4E8F0000-0x000001BE4E900000-memory.dmp

Filesize
64KB

Download
memory/3592-144-0x000001BE4E900000-0x000001BE4E910000-memory.dmp

Filesize
64KB

Download
memory/3592-145-0x000001BE4E9A0000-0x000001BE4E9B0000-memory.dmp

Filesize
64KB

Download
memory/3592-148-0x000001BE4E9B0000-0x000001BE4E9C0000-memory.dmp

Filesize
64KB

Download
memory/3592-147-0x000001BE4E910000-0x000001BE4E920000-memory.dmp

Filesize
64KB

Download
memory/3592-149-0x000001BE4CC00000-0x000001BE4CC01000-memory.dmp

Filesize
4KB

Download
memory/3592-151-0x000001BE4E920000-0x000001BE4E930000-memory.dmp

Filesize
64KB

Download
memory/3592-152-0x000001BE4E9C0000-0x000001BE4E9D0000-memory.dmp

Filesize
64KB

Download
memory/3592-154-0x000001BE4E930000-0x000001BE4E940000-memory.dmp

Filesize
64KB

Download
memory/3592-157-0x000001BE4E940000-0x000001BE4E950000-memory.dmp

Filesize
64KB

Download
memory/3592-158-0x000001BE4E950000-0x000001BE4E960000-memory.dmp

Filesize
64KB

Download
memory/3592-159-0x000001BE4E960000-0x000001BE4E970000-memory.dmp

Filesize
64KB

Download
memory/3592-160-0x000001BE4CC00000-0x000001BE4CC01000-memory.dmp

Filesize
4KB

Download
memory/3592-161-0x000001BE4E970000-0x000001BE4E980000-memory.dmp

Filesize
64KB

Download
memory/3592-162-0x000001BE4E980000-0x000001BE4E990000-memory.dmp

Filesize
64KB

Download
memory/3592-163-0x000001BE4E990000-0x000001BE4E9A0000-memory.dmp

Filesize
64KB

Download
memory/3592-164-0x0000000065E40000-0x0000000065E55000-memory.dmp

Filesize
84KB

Download
memory/3592-165-0x000001BE4E9A0000-0x000001BE4E9B0000-memory.dmp

Filesize
64KB

Download
memory/3592-169-0x000001BE4E9D0000-0x000001BE4E9E0000-memory.dmp

Filesize
64KB

Download
memory/3592-168-0x000001BE4E9B0000-0x000001BE4E9C0000-memory.dmp

Filesize
64KB

Download
memory/3592-173-0x000001BE4E9C0000-0x000001BE4E9D0000-memory.dmp

Filesize
64KB

Download
memory/3592-121-0x000001BE4E940000-0x000001BE4E950000-memory.dmp

Filesize
64KB

Download
memory/3592-174-0x000001BE4E9E0000-0x000001BE4E9F0000-memory.dmp

Filesize
64KB

Download
memory/3592-176-0x000001BE4EA00000-0x000001BE4EA10000-memory.dmp

Filesize
64KB

Download
memory/3592-178-0x000001BE4EA10000-0x000001BE4EA20000-memory.dmp

Filesize
64KB

Download
memory/3592-180-0x000001BE4EA20000-0x000001BE4EA30000-memory.dmp

Filesize
64KB

Download
memory/3592-184-0x000001BE4E9D0000-0x000001BE4E9E0000-memory.dmp

Filesize
64KB

Download
memory/3592-187-0x000001BE4E9E0000-0x000001BE4E9F0000-memory.dmp

Filesize
64KB

Download
memory/3592-189-0x000001BE4EA30000-0x000001BE4EA40000-memory.dmp

Filesize
64KB

Download
memory/3592-188-0x000001BE4E9F0000-0x000001BE4EA00000-memory.dmp

Filesize
64KB

Download
memory/3592-191-0x000001BE4EA40000-0x000001BE4EA50000-memory.dmp

Filesize
64KB

Download
memory/3592-117-0x000001BE4E890000-0x000001BE4E8A0000-memory.dmp

Filesize
64KB

Download
memory/3592-24-0x000001BE4E7A0000-0x000001BE4E7B0000-memory.dmp

Filesize
64KB

Download
memory/3592-20-0x000001BE4E780000-0x000001BE4E790000-memory.dmp

Filesize
64KB

Download
memory/3592-16-0x000001BE4E760000-0x000001BE4E770000-memory.dmp

Filesize
64KB

Download
memory/3592-14-0x000001BE4E750000-0x000001BE4E760000-memory.dmp

Filesize
64KB

Download
memory/3592-12-0x000001BE4E740000-0x000001BE4E750000-memory.dmp

Filesize
64KB

Download
memory/3592-2-0x000001BE4E4D0000-0x000001BE4E740000-memory.dmp

Filesize
2.4MB

Download
memory/3592-195-0x0000000065E40000-0x0000000065E55000-memory.dmp

Filesize
84KB

Download
memory/3592-198-0x000001BE4CC00000-0x000001BE4CC01000-memory.dmp

Filesize
4KB

Download
memory/3592-285-0x000001BE4CC00000-0x000001BE4CC01000-memory.dmp

Filesize
4KB

Download