Resubmissions

03/11/2024, 04:16

241103-evtlwatqft 7

03/11/2024, 04:14

241103-etnz1axngn 6

Analysis

  • max time kernel
    1775s
  • max time network
    1800s
  • platform
    windows10-ltsc 2021_x64
  • resource
    win10ltsc2021-20241023-en
  • resource tags

    arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
  • submitted
    03/11/2024, 04:16

General

  • Target

    LK Rat.jar

  • Size

    1.4MB

  • MD5

    8c65d5456bcd4e07d64e87b856ffb2b2

  • SHA1

    81ec28c78875d17f08603b427b7783c0cc55bb80

  • SHA256

    74148c3575a944b44668549c4a25c9a02a822b464c70c20d91cef1866fd54e9c

  • SHA512

    6b3a424eb3f83308400007020bd81d71b60b7c6b15cdf5a1e45d53ab7cc343eb66de5077492686f582025c790a496804b8e6a36d49574ed9292fb3be0cf1178e

  • SSDEEP

    24576:M0enMGto+9l1JFpABv5gUIch/lqi++f89WTuh+fl1RFxAtHT5SlJtf:3eMGbxJYvKA9QYT/zRAsd

Malware Config

Signatures

  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 2 IoCs
  • Enumerates connected drives 3 TTPs 1 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious use of SetWindowsHookEx 5 IoCs
  • Suspicious use of WriteProcessMemory 24 IoCs
  • Views/modifies file attributes 1 TTPs 2 IoCs

Processes

  • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
    java -jar "C:\Users\Admin\AppData\Local\Temp\LK Rat.jar"
    1⤵
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:3636
    • C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
      java -jar C:\Users\Admin\AppData\Local\Temp\pULHfy895942203317978330.tmp
      2⤵
      • Loads dropped DLL
      • Enumerates connected drives
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4564
      • C:\Windows\SYSTEM32\attrib.exe
        attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607382417.tmp
        3⤵
        • Views/modifies file attributes
        PID:1580
      • C:\Windows\SYSTEM32\cmd.exe
        cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607382417.tmp" /f"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2980
        • C:\Windows\system32\reg.exe
          REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607382417.tmp" /f
          4⤵
          • Adds Run key to start application
          PID:3408
      • C:\Windows\SYSTEM32\cmd.exe
        cmd.exe /c "REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /f"
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:4156
        • C:\Windows\system32\reg.exe
          REG DELETE HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /f
          4⤵
            PID:888
        • C:\Windows\SYSTEM32\cmd.exe
          cmd /c ping localhost -n 6 > nul && del C:\Users\Admin\AppData\Local\Temp\pULHfy895942203317978330.tmp
          3⤵
          • System Network Configuration Discovery: Internet Connection Discovery
          • Suspicious use of WriteProcessMemory
          PID:3448
          • C:\Windows\system32\PING.EXE
            ping localhost -n 6
            4⤵
            • System Network Configuration Discovery: Internet Connection Discovery
            • Runs ping.exe
            PID:4752
        • C:\Program Files\Java\jre-1.8\bin\java.exe
          "C:\Program Files\Java\jre-1.8\bin\java" -cp C:\Users\Admin\AppData\Local\Temp\pULHfy895942203317978330.tmp org.bridj.Platform$DeleteFiles C:\Users\Admin\AppData\Local\Temp\BridJExtractedLibraries6414967750426932588\bridj.dll C:\Users\Admin\AppData\Local\Temp\BridJExtractedLibraries6414967750426932588 C:\Users\Admin\AppData\Local\Temp\BridJExtractedLibraries6414967750426932588\OpenIMAJGrabber.dll
          3⤵
            PID:4744
        • C:\Windows\SYSTEM32\attrib.exe
          attrib +H C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607381620.tmp
          2⤵
          • Views/modifies file attributes
          PID:2680
        • C:\Windows\SYSTEM32\cmd.exe
          cmd.exe /c "REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607381620.tmp" /f"
          2⤵
          • Suspicious use of WriteProcessMemory
          PID:3296
          • C:\Windows\system32\reg.exe
            REG ADD HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /v Home /d "C:\Program Files\Java\jre-1.8\bin\javaw.exe -jar C:\Users\Admin\AppData\Roaming\Microsoft\.tmp\1730607381620.tmp" /f
            3⤵
            • Adds Run key to start application
            PID:3572

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

              Filesize

              46B

              MD5

              e4fef829f55c5835f5b2080bbb1a5606

              SHA1

              4e638a5cc62b5632eef009ca4879539b310fee1e

              SHA256

              76078661cc809e27745d1517647c6060f9cecf49b904ec5d59f74ca3f38963c5

              SHA512

              11aa7d21d87fb601b710c4ae9d8790ec9debb273be88338eee0310ef61d932c2513e9a76ed53ceb8391ea8d2455d2dd14f1550598d2725291f560decf5bb2609

            • C:\Users\Admin\.plugins\.libraries\jna70

              Filesize

              3.1MB

              MD5

              b22ef746fd14c702e5bd29b466c6312b

              SHA1

              19674f9167c56c0bbdaa3a4a48277b802e480000

              SHA256

              121f7a1d3aa9f538fd4710fd3a2175a7f062e1260d3e2df83752512a28f290d6

              SHA512

              0b1757fb6d17077b1046c73909623ddb180c6a02b872bcbb9aef40fceb9ed6ff268438e7cb62b9c5ce4c2fd944ea99cf4aa9d2d4b31d70806f1ba607fdb05b6e

            • C:\Users\Admin\.plugins\.libraries\jnh40

              Filesize

              203KB

              MD5

              de6cf300c801226d4b19e4fdc258975e

              SHA1

              49e72ddee45ca9cf332c50b4c716781ac0df07fd

              SHA256

              41565e543a043ee2073a0b3d93082b78614d2241aa2c6669e05385d94511851c

              SHA512

              1a152efe851bd1fb029924f4854a9374f0fbb8a78b5a73efd49b5807f45e7ffccac7ca780cc1bdf3090eda6e491b2e4afb57162efafba274196d92cb972fc05c

            • C:\Users\Admin\.plugins\.libraries\pr60

              Filesize

              2.2MB

              MD5

              137a448313d5b6d19279833d841b3590

              SHA1

              6ed5b437fb5c03879e8c1afcc0d97df4b7f1bbcd

              SHA256

              de349716e627e245e4b17fd487dba4033dbc92e5e22fb950c25514700334f97e

              SHA512

              6cca760abb063e97404cdd43a633c19f4afe459a1b975857e24040f503a77ab812c4347b150f4f3410522002a3c4365161cf4508b1e9d8e53987e3799638f573

            • C:\Users\Admin\.plugins\.libraries\wbcm40

              Filesize

              1.3MB

              MD5

              4331bdf536b724b5c49cfa83e89f55cb

              SHA1

              a9442345f3aa6f4e61fd9516b800f5fbb00d56b7

              SHA256

              54a8a2f553e7448eb01c90ed5d40fa1d61be15706131206d155ea3a2f70593ab

              SHA512

              4fbf66406871873b508a516178fee2bd7cbff9a44942b1f86c8c874057a08402a89b56342dbe5d81ae35fff4624a7b32f294898b99ee50585455b928245c32ee

            • C:\Users\Admin\AppData\Local\Temp\BridJExtractedLibraries6414967750426932588\OpenIMAJGrabber.dll

              Filesize

              185KB

              MD5

              85f770f1418eac0ce7ba2858af58e728

              SHA1

              00dccd40f789ad5f3bff3954955f3c9f1b5eb0e0

              SHA256

              dc5671b2816a4c93d47193b9481aec9cad587414a5d5a3a51fc410abdef412cc

              SHA512

              d24cef1bb8bba8f0baed8ab71f995b04176b601128a607d37ba5747539a0458d06083a507ed2e7c20a34585ca98d9e2a5881336ad971edb065c7f9dc865bfc4f

            • C:\Users\Admin\AppData\Local\Temp\BridJExtractedLibraries6414967750426932588\bridj.dll

              Filesize

              137KB

              MD5

              eb31babd3452d99aeab24f0655e7610a

              SHA1

              3250d3ffa350d0d41fec53d7cbd73d7351b958e7

              SHA256

              ab1c3d1211903f7cd938702d806c423fbc32414589a5a4f77b6d4f999a7b6c02

              SHA512

              f5f81648c5462d1b19d2eac414a7afe8898c69436ca153f04a4862d6e267a939ddc2bd46a6a8df89d46d7703f7ad25700b2360b4882d79a5510629014973431e

            • C:\Users\Admin\AppData\Local\Temp\JNativeHook-2.1.0.x86_64.dll

              Filesize

              84KB

              MD5

              0285a117e67739776220c34ef08b2d43

              SHA1

              d32e6b1128407a7e59eff481c8643a116aa2f56a

              SHA256

              332c71776659988159f98e0e6621b1e37694a7a57f954e0c5ca2f95c939b8f59

              SHA512

              7a967cb11d5bb80adda24cd966aa4d389a54cb156e0b74406dd09023c48a39490b8cb18d84fa840c107b73e7008981a049544248dbce8c9e43bba212ed8352d2

            • C:\Users\Admin\AppData\Local\Temp\imageio101858737201356375.tmp

              Filesize

              584B

              MD5

              c6545ac56e958270088b4842f484756b

              SHA1

              f6381b020b0e2e6d8e26babfb0b65aa19522c527

              SHA256

              b2483dd24cc16817588d7fa3d9ab0c18d710e806c81bec419e7b918b4b07564c

              SHA512

              135e8bc052a56de4ddacb9fafea36657b09ed6a5e41d9ddb94a53adfe89ef0f6aeb9d41036949329c6a3d6f0d4375cbbcf8c09d0de4626ef14dc5a02edcb4e95

            • C:\Users\Admin\AppData\Local\Temp\imageio1134102006538769684.tmp

              Filesize

              484B

              MD5

              cc8fbb4440ae04418928c8d42e4ccb21

              SHA1

              bbbeed8e96bcfa4dfd977441a83566dbc638e079

              SHA256

              cd899a1183aeeac6a4c6a0f17d8af1845d244896d7e9fd309b1f486d918f89c0

              SHA512

              569892d513c1c56ceac24ee757e4868a14b4c3a5084c2b21192a36a171dd5240914621a203ebacb0ada0d65fc406c31be8346445fb3a86c0280515006376472c

            • C:\Users\Admin\AppData\Local\Temp\imageio1649898983950272527.tmp

              Filesize

              37KB

              MD5

              a3fd87970caee840ceece9d5f03705cd

              SHA1

              1ffab512b78568dbb851b1afd5a59aada4b9f517

              SHA256

              96f81802a005cab4416fe2667a969d614b47fd51287ddb312d429b592554ddf3

              SHA512

              551dfd67d9cf9057f69d884522169b39d2c0775cac08329829cb6c3691725c32f25be6ca75e6f116dbc2d248d46ebc276ac8fde0d51324cf709acbbfb0faf055

            • C:\Users\Admin\AppData\Local\Temp\imageio1885075669698556530.tmp

              Filesize

              111KB

              MD5

              99f63bc3411fb5e0d8341d148e90728f

              SHA1

              8e93e18e223574d591b38d26d27ef6b76ec0e2de

              SHA256

              44a9b7b4c03a1d80bcf40103320be2e07af556a93117f2ff2cd4addc1e1cd92d

              SHA512

              5a244a2f966073ef644bb1f12662729ba82fee09b8fab112f91dc2c7c2f2145a163150a9a263df69cc7c96ba4e08ca5b38e5adfe54863ea1c49c97e54e82055f

            • C:\Users\Admin\AppData\Local\Temp\imageio3204320663984823416.tmp

              Filesize

              110KB

              MD5

              7cf685211ab057057348162d17a3b241

              SHA1

              d0c9ad2894189714a2bd2dd771781033d77e4e55

              SHA256

              6538a9e54498dc9bd08870ced04865d46d66d32640b18f8eb076a0df15c78d4d

              SHA512

              14e1c5deb8c359ab8eae8169596044d9f6a3099174cb379acb51af74a0c668a926dcc72fd69033416c1f64aa21dceb42c59d55ae62127fdd64259f94ec8cfe13

            • C:\Users\Admin\AppData\Local\Temp\imageio5178256615677831783.tmp

              Filesize

              113KB

              MD5

              a849b8a304f12e6bbf2a28f81be42ca4

              SHA1

              d84561551274349e34df3bed6bdb141548057831

              SHA256

              102e104b20b3ed98a8f2ef238f40b111f4a8edbba38be2314b23027e2878f51b

              SHA512

              be3981bca6e57fd3acc21f37a0509e57524c3bb497fa75e67ebe896d3b254103fd943f8e7e10dd5cc24e168a195800041673b4f9cd2e3bc8915b5df56d87c7bd

            • C:\Users\Admin\AppData\Local\Temp\imageio6483592888713931545.tmp

              Filesize

              388B

              MD5

              b04d66da7b58ca382de0823bb8289f83

              SHA1

              f1cda021b46b23b6dd492efc1b4836ec66ecfe8a

              SHA256

              2aeb1f880743aa3a8fadf54c21ddbeb03e8dc335aea4d51a7ff4125b36ff77dd

              SHA512

              78afe40dfe9c0a55442bd8744ee0471898058d3f7898167dc47183ab58e5d2453155983e1ce59271baac3c3995c0c9a561513fdfc0d523f7f9fe216876200dce

            • C:\Users\Admin\AppData\Local\Temp\imageio7242620488406760401.tmp

              Filesize

              850B

              MD5

              21c3facdf1026c2dd79f0110eb9f7f0f

              SHA1

              93e0449d1e8a845a6253762b2af0d57efe97e036

              SHA256

              fb88993dd5cab2af179a4d0818b1114f17b6dd07f122370ef03da6c88f14afa2

              SHA512

              680ac6318c04416b26e3dc8192bdee5be269bd33ec422ca1700cc0b886f15e55a4d64dda0f0113cc3d7b7315b6cd61b37d2de4fec4fba5a04fc0a92f65c5761c

            • C:\Users\Admin\AppData\Local\Temp\imageio7269693736234604634.tmp

              Filesize

              395B

              MD5

              3338aa57aaaded7c314425d22be5483e

              SHA1

              b09b6bc78079488dba2112e92a5ca59388f0d382

              SHA256

              6ec54458e0593bd19cb9437e7c778d913c8cdf942bb0396e34866fae1aa96767

              SHA512

              d3c3c6c1a4ea7bd6c68c502bc2c720ae79d54f31062a55aac280d05e4ce27224a42e092fc3b9d0639e575722825b071e7d52b1a284fc20a0d4a30dbbb5bbf3f2

            • C:\Users\Admin\AppData\Local\Temp\imageio8391449983481194295.tmp

              Filesize

              36KB

              MD5

              8de294160f203eb55b8b5501ba785a48

              SHA1

              12726c32898647770a9a9ca3c5a89c8c203fa06b

              SHA256

              5768f893300d7260542dd79dad6ba7f17581559f902a72348079458c2e3f2490

              SHA512

              bdb8ac4c9497ca0725dbb6b92f83f254465737c383e27e611f39a859a5ec9f1e6bdd9a44b97ff2899e661d625a4a12862780fc23abb7a4b1ebfece48709f16d6

            • C:\Users\Admin\AppData\Local\Temp\imageio8431991807119653724.tmp

              Filesize

              351B

              MD5

              023126c0696b39485af6f57eb2911cdf

              SHA1

              60d74b4d1bc3b6f192b26c859bbafb23b8e4c9c9

              SHA256

              3d3c6dddbc54af1b647adab3fd9e84731891df92fdca5ddc5925496f5197f40a

              SHA512

              cb9c7ffb498855f3e5beace260029b860c9f22f35bc921e133574e1122c764ada17d0de5e6405a7e093ac48a8ff7f5c4ae0579af68bec8e0af1ecb32f640291b

            • C:\Users\Admin\AppData\Local\Temp\imageio940787065608812075.tmp

              Filesize

              114KB

              MD5

              cd0c2043597804c30094da08dbd2ec9a

              SHA1

              ddc0fc70e620df19a150425f4d66ab930a58e98d

              SHA256

              1aaaa86dd3757d589325b3fd34a98948cb38c60d6ed6302380291a4600c01734

              SHA512

              a8a32c3194a725293165d065151b6d6c5ef8bc10a09dca5655df4d309a876f9f613ae51eccd42c47eaf510289f1626eecb02f6b80c19cd9287996022f07e1d19

            • C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna1349542195846350125.dll

              Filesize

              248KB

              MD5

              719d6ba1946c25aa61ce82f90d77ffd5

              SHA1

              94d2191378cac5719daecc826fc116816284c406

              SHA256

              69c45175ecfd25af023f96ac0bb2c45e6a95e3ba8a5a50ee7969ccab14825c44

              SHA512

              119152b624948b76921aa91a5024006ef7c8fdbfe5f6fe71b1ec9f2c0e504b22508ff438c4183e60fa8de93eb35a8c7ccdda3a686e3c2f65c8185f1dd2ef248b

            • C:\Users\Admin\AppData\Local\Temp\pULHfy895942203317978330.tmp

              Filesize

              710KB

              MD5

              ea32d3a9a0a4c7dd26bc75b770b8d6e6

              SHA1

              79dd917e26e45af4e20a19592bbaa88c44629a76

              SHA256

              68de0bf850720a72c68ea6cec582131b176222cfc90856b744c35bde551f57d3

              SHA512

              6602ab5c0f36611e5ffec8f4f077d72f7b9858fec7104b0ad8ad0bf4b5c3ebf1d0fbf9ed53720c4dd0a6d288b3b1b050c2e9cc34f54361d811f49b19980a7a47

            • C:\Users\Admin\AppData\Local\Temp\sqlite-unknown-e2e5f399-3ace-4d02-875b-0278fa68c90a-sqlitejdbc.dll

              Filesize

              720KB

              MD5

              98eac6ad76d39e73967252542f6f40e4

              SHA1

              76923dd88c42c2536e969009927282025be4e79d

              SHA256

              51cc105f172859e6866f3cad5c99188663be503cd4bb618c946b0c83faabf0b8

              SHA512

              076bd432b21220f023b861b3d31aabb702386e073209b54d0401058f67aa3205938909a32637f48770e63c0ff512338248a8c1131cd5159daf8eec35249ca7ef

            • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-870806430-2618236806-3023919190-1000\83aa4cc77f591dfc2374580bbd95f6ba_f8cb507d-35a1-48c2-aef3-a249a39aae63

              Filesize

              45B

              MD5

              c8366ae350e7019aefc9d1e6e6a498c6

              SHA1

              5731d8a3e6568a5f2dfbbc87e3db9637df280b61

              SHA256

              11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

              SHA512

              33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

            • memory/3636-75-0x0000024305610000-0x0000024305620000-memory.dmp

              Filesize

              64KB

            • memory/3636-50-0x0000024305660000-0x0000024305670000-memory.dmp

              Filesize

              64KB

            • memory/3636-30-0x0000024305600000-0x0000024305610000-memory.dmp

              Filesize

              64KB

            • memory/3636-29-0x00000243055F0000-0x0000024305600000-memory.dmp

              Filesize

              64KB

            • memory/3636-81-0x0000024305640000-0x0000024305650000-memory.dmp

              Filesize

              64KB

            • memory/3636-87-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-41-0x0000024305640000-0x0000024305650000-memory.dmp

              Filesize

              64KB

            • memory/3636-105-0x0000024305650000-0x0000024305660000-memory.dmp

              Filesize

              64KB

            • memory/3636-39-0x0000024305630000-0x0000024305640000-memory.dmp

              Filesize

              64KB

            • memory/3636-38-0x0000024305620000-0x0000024305630000-memory.dmp

              Filesize

              64KB

            • memory/3636-116-0x0000024305660000-0x0000024305670000-memory.dmp

              Filesize

              64KB

            • memory/3636-37-0x0000024305610000-0x0000024305620000-memory.dmp

              Filesize

              64KB

            • memory/3636-119-0x0000024305670000-0x0000024305680000-memory.dmp

              Filesize

              64KB

            • memory/3636-45-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-121-0x0000024305680000-0x0000024305690000-memory.dmp

              Filesize

              64KB

            • memory/3636-126-0x0000024305690000-0x00000243056A0000-memory.dmp

              Filesize

              64KB

            • memory/3636-44-0x0000024305650000-0x0000024305660000-memory.dmp

              Filesize

              64KB

            • memory/3636-52-0x0000024305670000-0x0000024305680000-memory.dmp

              Filesize

              64KB

            • memory/3636-55-0x0000024305680000-0x0000024305690000-memory.dmp

              Filesize

              64KB

            • memory/3636-130-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-131-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-60-0x0000024305690000-0x00000243056A0000-memory.dmp

              Filesize

              64KB

            • memory/3636-59-0x0000024305380000-0x00000243055F0000-memory.dmp

              Filesize

              2.4MB

            • memory/3636-139-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-150-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-165-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-167-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-176-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-175-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-193-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-205-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-212-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-218-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-231-0x0000024303B20000-0x0000024303B21000-memory.dmp

              Filesize

              4KB

            • memory/3636-67-0x0000024305600000-0x0000024305610000-memory.dmp

              Filesize

              64KB

            • memory/3636-66-0x00000243055F0000-0x0000024305600000-memory.dmp

              Filesize

              64KB

            • memory/3636-2-0x0000024305380000-0x00000243055F0000-memory.dmp

              Filesize

              2.4MB

            • memory/3636-76-0x0000024305620000-0x0000024305630000-memory.dmp

              Filesize

              64KB

            • memory/3636-72-0x0000024305630000-0x0000024305640000-memory.dmp

              Filesize

              64KB

            • memory/4564-117-0x0000022099230000-0x0000022099231000-memory.dmp

              Filesize

              4KB

            • memory/4564-127-0x000002209AD80000-0x000002209AD90000-memory.dmp

              Filesize

              64KB

            • memory/4564-65-0x000002209AD90000-0x000002209ADA0000-memory.dmp

              Filesize

              64KB

            • memory/4564-137-0x000002209ADC0000-0x000002209ADD0000-memory.dmp

              Filesize

              64KB

            • memory/4564-136-0x000002209ADB0000-0x000002209ADC0000-memory.dmp

              Filesize

              64KB

            • memory/4564-129-0x000002209ADA0000-0x000002209ADB0000-memory.dmp

              Filesize

              64KB

            • memory/4564-128-0x000002209AD90000-0x000002209ADA0000-memory.dmp

              Filesize

              64KB

            • memory/4564-106-0x0000022099230000-0x0000022099231000-memory.dmp

              Filesize

              4KB

            • memory/4564-64-0x000002209AD80000-0x000002209AD90000-memory.dmp

              Filesize

              64KB

            • memory/4564-120-0x0000022099230000-0x0000022099231000-memory.dmp

              Filesize

              4KB

            • memory/4564-73-0x000002209ADA0000-0x000002209ADB0000-memory.dmp

              Filesize

              64KB

            • memory/4564-77-0x000002209ADB0000-0x000002209ADC0000-memory.dmp

              Filesize

              64KB

            • memory/4564-63-0x000002209AB10000-0x000002209AD80000-memory.dmp

              Filesize

              2.4MB

            • memory/4564-88-0x0000022099230000-0x0000022099231000-memory.dmp

              Filesize

              4KB

            • memory/4564-82-0x000002209ADC0000-0x000002209ADD0000-memory.dmp

              Filesize

              64KB

            • memory/4564-78-0x0000022099230000-0x0000022099231000-memory.dmp

              Filesize

              4KB

            • memory/4564-5296-0x000002209AD90000-0x000002209ADA0000-memory.dmp

              Filesize

              64KB

            • memory/4564-5297-0x000002209AD80000-0x000002209AD90000-memory.dmp

              Filesize

              64KB

            • memory/4564-5298-0x000002209AB10000-0x000002209AD80000-memory.dmp

              Filesize

              2.4MB

            • memory/4564-5301-0x000002209ADC0000-0x000002209ADD0000-memory.dmp

              Filesize

              64KB

            • memory/4564-5300-0x000002209ADB0000-0x000002209ADC0000-memory.dmp

              Filesize

              64KB

            • memory/4564-5299-0x000002209ADA0000-0x000002209ADB0000-memory.dmp

              Filesize

              64KB

            • memory/4564-21-0x000002209AB10000-0x000002209AD80000-memory.dmp

              Filesize

              2.4MB