strrat | 32cbcd636b3295b79872dc883f84bd3c5f378f9e2bd64a73148e8a3d5d6d58f9 | Triage

Analysis

max time kernel
147s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2024, 02:16 UTC

Sharing

Report Analysis Logs

General

Target

9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar
Size

94KB
MD5

9f431f7105d073752fd396105dc898ef
SHA1

62058bd9d3683d7a6983d36722fede080b87c3d3
SHA256

32cbcd636b3295b79872dc883f84bd3c5f378f9e2bd64a73148e8a3d5d6d58f9
SHA512

26df1f20d773c009df88e440a484dd5feafc8f3ef46ddf90fcd465eb1c4b44bff112a44c2f79b9168aa64564bfd7a48ec14d110384e3d5d3944b9ada1460aee0
SSDEEP

1536:Ex4jk2LwtGGBCRLwZ0MQ6i98iZGmAT5hSXx93uf3gdTsypX7GufP16wzInBvOwv:VjLwtGLi0MQ6iS8ATo9efwfplP11zC

Score

10^/10

strrat persistence stealer trojan

Malware Config

Extracted

Family

strrat

C2

79.134.225.26:7888

Attributes

license_id
3CJV-H140-XWVJ-P21B-U6QX
plugins_url
http://jbfrost.live/strigoi/server/?hwid=1&lid=m&ht=5
scheduled_task
true
secondary_startup
true
startup
true

Signatures

STRRAT
STRRAT is a remote access tool than can steal credentials and log keystrokes.
trojan stealer strrat
Strrat family
strrat

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar	java.exe

Loads dropped DLL 2 IoCs

pid	Process
1640	java.exe
1944	java.exe

Adds Run key to start application 2 TTPs 2 IoCs

Registry Run Keys / Startup Folder

Modify Registry

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9f431f7105d073752fd396105dc898ef_JaffaCakes118 = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar\""	java.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9f431f7105d073752fd396105dc898ef_JaffaCakes118 = "\"C:\\Program Files\\Java\\jre-1.8\\bin\\javaw.exe\" -jar \"C:\\Users\\Admin\\AppData\\Roaming\\9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar\""	java.exe

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Java\jre-1.8\9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar	java.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

pid	Process
468	schtasks.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 804 wrote to memory of 728	804	java.exe	90
PID 804 wrote to memory of 728	804	java.exe	90
PID 728 wrote to memory of 1640	728	java.exe	92
PID 728 wrote to memory of 1640	728	java.exe	92
PID 1640 wrote to memory of 2176	1640	java.exe	96
PID 1640 wrote to memory of 2176	1640	java.exe	96
PID 1640 wrote to memory of 1944	1640	java.exe	97
PID 1640 wrote to memory of 1944	1640	java.exe	97
PID 2176 wrote to memory of 468	2176	cmd.exe	100
PID 2176 wrote to memory of 468	2176	cmd.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Common Files\Oracle\Java\javapath\java.exe
java -jar C:\Users\Admin\AppData\Local\Temp\9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar
1⤵
- Drops file in Program Files directory
- Suspicious use of WriteProcessMemory
PID:804
- C:\Program Files\Java\jre-1.8\bin\java.exe
  "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Program Files\Java\jre-1.8\9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:728
- - C:\Program Files\Java\jre-1.8\bin\java.exe
    "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar"
    3⤵
    - Drops startup file
    - Loads dropped DLL
    - Adds Run key to start application
    - Suspicious use of WriteProcessMemory
    PID:1640
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd /c schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar"
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2176
    - - C:\Windows\system32\schtasks.exe
        
        schtasks /create /sc minute /mo 30 /tn Skype /tr "C:\Users\Admin\AppData\Roaming\9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar"
        5⤵
        Scheduled Task/Job: Scheduled Task
        
        PID:468
  - - C:\Program Files\Java\jre-1.8\bin\java.exe
      "C:\Program Files\Java\jre-1.8\bin\java.exe" -jar "C:\Users\Admin\AppData\Roaming\9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar"
      4⤵
      Loads dropped DLL
      PID:1944

Network

DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

github.com

java.exe

Remote address:

8.8.8.8:53

Request

github.com

IN A

Response

github.com

IN A

20.26.156.215
DNS

repo1.maven.org

java.exe

Remote address:

8.8.8.8:53

Request

repo1.maven.org

IN A

Response

repo1.maven.org

IN CNAME

dualstack.sonatype.map.fastly.net

dualstack.sonatype.map.fastly.net

IN A

199.232.192.209

dualstack.sonatype.map.fastly.net

IN A

199.232.196.209
DNS

2.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.159.190.20.in-addr.arpa

IN PTR

Response
DNS

2.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

2.159.190.20.in-addr.arpa

IN PTR
DNS

209.192.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.192.232.199.in-addr.arpa

IN PTR

Response
DNS

215.156.26.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

215.156.26.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

objects.githubusercontent.com

java.exe

Remote address:

8.8.8.8:53

Request

objects.githubusercontent.com

IN A

Response

objects.githubusercontent.com

IN A

185.199.111.133

objects.githubusercontent.com

IN A

185.199.110.133

objects.githubusercontent.com

IN A

185.199.108.133

objects.githubusercontent.com

IN A

185.199.109.133
DNS

133.111.199.185.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.111.199.185.in-addr.arpa

IN PTR

Response

133.111.199.185.in-addr.arpa

IN PTR

cdn-185-199-111-133githubcom
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
DNS

200.163.202.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.163.202.172.in-addr.arpa

IN PTR

Response
DNS

18.31.95.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.31.95.13.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

Response
DNS

43.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.229.111.52.in-addr.arpa

IN PTR

199.232.192.209:443

repo1.maven.org

tls

java.exe

36.7kB
1.6MB
666
1127
199.232.192.209:443

repo1.maven.org

tls

java.exe

84.0kB
4.5MB
1706
3206
199.232.192.209:443

repo1.maven.org

tls

java.exe

48.1kB
2.8MB
1022
1991
20.26.156.215:443

github.com

tls

java.exe

2.1kB
8.6kB
20
17
185.199.111.133:443

objects.githubusercontent.com

tls

java.exe

15.2kB
821.1kB
304
600
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
160 B
5
4
79.134.225.26:7888

java.exe

260 B
160 B
5
4
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
200 B
5
5
79.134.225.26:7888

java.exe

260 B
160 B
5
4

8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

github.com

dns

java.exe

56 B
72 B
1
1

DNS Request

github.com

DNS Response

20.26.156.215
8.8.8.8:53

repo1.maven.org

dns

java.exe

61 B
140 B
1
1

DNS Request

repo1.maven.org

DNS Response

199.232.192.209

199.232.196.209
8.8.8.8:53

2.159.190.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

2.159.190.20.in-addr.arpa

DNS Request

2.159.190.20.in-addr.arpa
8.8.8.8:53

209.192.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

209.192.232.199.in-addr.arpa
8.8.8.8:53

215.156.26.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

215.156.26.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

objects.githubusercontent.com

dns

java.exe

75 B
139 B
1
1

DNS Request

objects.githubusercontent.com

DNS Response

185.199.111.133

185.199.110.133

185.199.108.133

185.199.109.133
8.8.8.8:53

133.111.199.185.in-addr.arpa

dns

74 B
118 B
1
1

DNS Request

133.111.199.185.in-addr.arpa
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

200.163.202.172.in-addr.arpa

dns

74 B
160 B
1
1

DNS Request

200.163.202.172.in-addr.arpa
8.8.8.8:53

18.31.95.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

18.31.95.13.in-addr.arpa
8.8.8.8:53

43.229.111.52.in-addr.arpa

dns

144 B
158 B
2
1

DNS Request

43.229.111.52.in-addr.arpa

DNS Request

43.229.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Scheduled Task/Job

Scheduled Task

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Java\jre-1.8\9f431f7105d073752fd396105dc898ef_JaffaCakes118.jar

Filesize
94KB

MD5
9f431f7105d073752fd396105dc898ef

SHA1
62058bd9d3683d7a6983d36722fede080b87c3d3

SHA256
32cbcd636b3295b79872dc883f84bd3c5f378f9e2bd64a73148e8a3d5d6d58f9

SHA512
26df1f20d773c009df88e440a484dd5feafc8f3ef46ddf90fcd465eb1c4b44bff112a44c2f79b9168aa64564bfd7a48ec14d110384e3d5d3944b9ada1460aee0

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
9df8aab6608db418c4b50199bc489523

SHA1
3f4c62ed7b48a8cbe15ca7e059c317c06c2e2048

SHA256
6f6b69a971a9cf6d7f16ee8220fac4ff3063ad7f70102d21ccd6879c32627537

SHA512
b3da2b7c7a7539aeeba9fa04bf6f73dc438d49c324e757ebf44f1264cb037e9d3a2e2e9074ca1f980c1004861bd14fe7f82c9dce689fc50ad53d653def9b55d5

Download Submit
C:\ProgramData\Oracle\Java\.oracle_jre_usage\3903daac9bc4a3b7.timestamp

Filesize
46B

MD5
8edc8fc0de81895b8289797cec291f97

SHA1
d3e71d3925a1a682b334e29f5038409ebe594f52

SHA256
50232e8bd7cc7afc1112e0dcc8a0f8c06babbfae5afc1bd1fd698e36d190d7ad

SHA512
c6891d060f986e841411dbf57e4f179850d54d85713dca4017782c9d229a1490f59be52cbee0acbd21df3bd13d5e6d8c2b06f1e92726d88793264d8754708f30

Download Submit
C:\Users\Admin\AppData\Local\Temp\jna-63116079\jna7664669003420512474.dll

Filesize
241KB

MD5
e02979ecd43bcc9061eb2b494ab5af50

SHA1
3122ac0e751660f646c73b10c4f79685aa65c545

SHA256
a66959bec2ef5af730198db9f3b3f7cab0d4ae70ce01bec02bf1d738e6d1ee7a

SHA512
1e6f7dcb6a557c9b896412a48dd017c16f7a52fa2b9ab513593c9ecd118e86083979821ca7a3e2f098ee349200c823c759cec6599740dd391cb5f354dc29b372

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-493223053-2004649691-1575712786-1000\83aa4cc77f591dfc2374580bbd95f6ba_755b0f1a-bb38-4bb2-bc7e-240c892146ee

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\lib\jna-5.5.0.jar

Filesize
1.4MB

MD5
acfb5b5fd9ee10bf69497792fd469f85

SHA1
0e0845217c4907822403912ad6828d8e0b256208

SHA256
b308faebfe4ed409de8410e0a632d164b2126b035f6eacff968d3908cafb4d9e

SHA512
e52575f58a195ceb3bd16b9740eadf5bc5b1d4d63c0734e8e5fd1d1776aa2d068d2e4c7173b83803f95f72c0a6759ae1c9b65773c734250d4cfcdf47a19f82aa

Download Submit
C:\Users\Admin\lib\jna-platform-5.5.0.jar

Filesize
2.6MB

MD5
2f4a99c2758e72ee2b59a73586a2322f

SHA1
af38e7c4d0fc73c23ecd785443705bfdee5b90bf

SHA256
24d81621f82ac29fcdd9a74116031f5907a2343158e616f4573bbfa2434ae0d5

SHA512
b860459a0d3bf7ccb600a03aa1d2ac0358619ee89b2b96ed723541e182b6fdab53aefef7992acb4e03fca67aa47cbe3907b1e6060a60b57ed96c4e00c35c7494

Download Submit
C:\Users\Admin\lib\sqlite-jdbc-3.14.2.1.jar

Filesize
4.1MB

MD5
b33387e15ab150a7bf560abdc73c3bec

SHA1
66b8075784131f578ef893fd7674273f709b9a4c

SHA256
2eae3dea1c3dde6104c49f9601074b6038ff6abcf3be23f4b56f6720a4f6a491

SHA512
25cfb0d6ce35d0bcb18527d3aa12c63ecb2d9c1b8b78805d1306e516c13480b79bb0d74730aa93bd1752f9ac2da9fdd51781c48844cea2fd52a06c62852c8279

Download Submit
C:\Users\Admin\lib\system-hook-3.5.jar

Filesize
772KB

MD5
e1aa38a1e78a76a6de73efae136cdb3a

SHA1
c463da71871f780b2e2e5dba115d43953b537daf

SHA256
2ddda8af6faef8bde46acf43ec546603180bcf8dcb2e5591fff8ac9cd30b5609

SHA512
fee16fe9364926ec337e52f551fd62ed81984808a847de2fd68ff29b6c5da0dcc04ef6d8977f0fe675662a7d2ea1065cdcdd2a5259446226a7c7c5516bd7d60d

Download Submit
memory/728-211-0x0000014BF8680000-0x0000014BF8681000-memory.dmp

Filesize
4KB

Download
memory/728-213-0x0000014BF8680000-0x0000014BF8681000-memory.dmp

Filesize
4KB

Download
memory/804-106-0x0000024FEC840000-0x0000024FEC850000-memory.dmp

Filesize
64KB

Download
memory/804-49-0x0000024FEC750000-0x0000024FEC760000-memory.dmp

Filesize
64KB

Download
memory/804-32-0x0000024FEC790000-0x0000024FEC7A0000-memory.dmp

Filesize
64KB

Download
memory/804-34-0x0000024FEC7A0000-0x0000024FEC7B0000-memory.dmp

Filesize
64KB

Download
memory/804-33-0x0000024FEC4B0000-0x0000024FEC720000-memory.dmp

Filesize
2.4MB

Download
memory/804-36-0x0000024FEC7B0000-0x0000024FEC7C0000-memory.dmp

Filesize
64KB

Download
memory/804-43-0x0000024FEC730000-0x0000024FEC740000-memory.dmp

Filesize
64KB

Download
memory/804-45-0x0000024FEC7E0000-0x0000024FEC7F0000-memory.dmp

Filesize
64KB

Download
memory/804-44-0x0000024FEC740000-0x0000024FEC750000-memory.dmp

Filesize
64KB

Download
memory/804-42-0x0000024FEC7D0000-0x0000024FEC7E0000-memory.dmp

Filesize
64KB

Download
memory/804-41-0x0000024FEC7C0000-0x0000024FEC7D0000-memory.dmp

Filesize
64KB

Download
memory/804-40-0x0000024FEC720000-0x0000024FEC730000-memory.dmp

Filesize
64KB

Download
memory/804-51-0x0000024FEC760000-0x0000024FEC770000-memory.dmp

Filesize
64KB

Download
memory/804-58-0x0000024FEC830000-0x0000024FEC840000-memory.dmp

Filesize
64KB

Download
memory/804-60-0x0000024FEC790000-0x0000024FEC7A0000-memory.dmp

Filesize
64KB

Download
memory/804-59-0x0000024FEC780000-0x0000024FEC790000-memory.dmp

Filesize
64KB

Download
memory/804-57-0x0000024FEC820000-0x0000024FEC830000-memory.dmp

Filesize
64KB

Download
memory/804-56-0x0000024FEC770000-0x0000024FEC780000-memory.dmp

Filesize
64KB

Download
memory/804-54-0x0000024FEC810000-0x0000024FEC820000-memory.dmp

Filesize
64KB

Download
memory/804-53-0x0000024FEC800000-0x0000024FEC810000-memory.dmp

Filesize
64KB

Download
memory/804-52-0x0000024FEC7F0000-0x0000024FEC800000-memory.dmp

Filesize
64KB

Download
memory/804-116-0x0000024FEC860000-0x0000024FEC870000-memory.dmp

Filesize
64KB

Download
memory/804-64-0x0000024FEC840000-0x0000024FEC850000-memory.dmp

Filesize
64KB

Download
memory/804-65-0x0000024FEAC00000-0x0000024FEAC01000-memory.dmp

Filesize
4KB

Download
memory/804-67-0x0000024FEC7A0000-0x0000024FEC7B0000-memory.dmp

Filesize
64KB

Download
memory/804-117-0x0000024FEC920000-0x0000024FEC930000-memory.dmp

Filesize
64KB

Download
memory/804-73-0x0000024FEC860000-0x0000024FEC870000-memory.dmp

Filesize
64KB

Download
memory/804-72-0x0000024FEC7B0000-0x0000024FEC7C0000-memory.dmp

Filesize
64KB

Download
memory/804-80-0x0000024FEC880000-0x0000024FEC890000-memory.dmp

Filesize
64KB

Download
memory/804-79-0x0000024FEC870000-0x0000024FEC880000-memory.dmp

Filesize
64KB

Download
memory/804-82-0x0000024FEC890000-0x0000024FEC8A0000-memory.dmp

Filesize
64KB

Download
memory/804-81-0x0000024FEC7E0000-0x0000024FEC7F0000-memory.dmp

Filesize
64KB

Download
memory/804-77-0x0000024FEC7D0000-0x0000024FEC7E0000-memory.dmp

Filesize
64KB

Download
memory/804-76-0x0000024FEC7C0000-0x0000024FEC7D0000-memory.dmp

Filesize
64KB

Download
memory/804-90-0x0000024FEC8A0000-0x0000024FEC8B0000-memory.dmp

Filesize
64KB

Download
memory/804-93-0x0000024FEC8D0000-0x0000024FEC8E0000-memory.dmp

Filesize
64KB

Download
memory/804-92-0x0000024FEC8C0000-0x0000024FEC8D0000-memory.dmp

Filesize
64KB

Download
memory/804-91-0x0000024FEC8B0000-0x0000024FEC8C0000-memory.dmp

Filesize
64KB

Download
memory/804-89-0x0000024FEC810000-0x0000024FEC820000-memory.dmp

Filesize
64KB

Download
memory/804-88-0x0000024FEC800000-0x0000024FEC810000-memory.dmp

Filesize
64KB

Download
memory/804-112-0x0000024FEAC00000-0x0000024FEAC01000-memory.dmp

Filesize
4KB

Download
memory/804-98-0x0000024FEC830000-0x0000024FEC840000-memory.dmp

Filesize
64KB

Download
memory/804-99-0x0000024FEC8E0000-0x0000024FEC8F0000-memory.dmp

Filesize
64KB

Download
memory/804-97-0x0000024FEC820000-0x0000024FEC830000-memory.dmp

Filesize
64KB

Download
memory/804-103-0x0000024FEC8F0000-0x0000024FEC900000-memory.dmp

Filesize
64KB

Download
memory/804-104-0x0000024FEAC00000-0x0000024FEAC01000-memory.dmp

Filesize
4KB

Download
memory/804-23-0x0000024FEC770000-0x0000024FEC780000-memory.dmp

Filesize
64KB

Download
memory/804-107-0x0000024FEC900000-0x0000024FEC910000-memory.dmp

Filesize
64KB

Download
memory/804-110-0x0000024FEC910000-0x0000024FEC920000-memory.dmp

Filesize
64KB

Download
memory/804-109-0x0000024FEC850000-0x0000024FEC860000-memory.dmp

Filesize
64KB

Download
memory/804-87-0x0000024FEC7F0000-0x0000024FEC800000-memory.dmp

Filesize
64KB

Download
memory/804-25-0x0000024FEC780000-0x0000024FEC790000-memory.dmp

Filesize
64KB

Download
memory/804-68-0x0000024FEC850000-0x0000024FEC860000-memory.dmp

Filesize
64KB

Download
memory/804-121-0x0000024FEC930000-0x0000024FEC940000-memory.dmp

Filesize
64KB

Download
memory/804-120-0x0000024FEC880000-0x0000024FEC890000-memory.dmp

Filesize
64KB

Download
memory/804-119-0x0000024FEC870000-0x0000024FEC880000-memory.dmp

Filesize
64KB

Download
memory/804-123-0x0000024FEC890000-0x0000024FEC8A0000-memory.dmp

Filesize
64KB

Download
memory/804-124-0x0000024FEC940000-0x0000024FEC950000-memory.dmp

Filesize
64KB

Download
memory/804-127-0x0000024FEC950000-0x0000024FEC960000-memory.dmp

Filesize
64KB

Download
memory/804-131-0x0000024FEC960000-0x0000024FEC970000-memory.dmp

Filesize
64KB

Download
memory/804-130-0x0000024FEC8B0000-0x0000024FEC8C0000-memory.dmp

Filesize
64KB

Download
memory/804-129-0x0000024FEC8A0000-0x0000024FEC8B0000-memory.dmp

Filesize
64KB

Download
memory/804-134-0x0000024FEAC00000-0x0000024FEAC01000-memory.dmp

Filesize
4KB

Download
memory/804-139-0x0000024FEC8C0000-0x0000024FEC8D0000-memory.dmp

Filesize
64KB

Download
memory/804-140-0x0000024FEC8D0000-0x0000024FEC8E0000-memory.dmp

Filesize
64KB

Download
memory/804-143-0x0000024FEC8E0000-0x0000024FEC8F0000-memory.dmp

Filesize
64KB

Download
memory/804-147-0x0000024FEC970000-0x0000024FEC980000-memory.dmp

Filesize
64KB

Download
memory/804-146-0x0000024FEC8F0000-0x0000024FEC900000-memory.dmp

Filesize
64KB

Download
memory/804-175-0x0000024FEC890000-0x0000024FEC8A0000-memory.dmp

Filesize
64KB

Download
memory/804-174-0x0000024FEC7F0000-0x0000024FEC800000-memory.dmp

Filesize
64KB

Download
memory/804-173-0x0000024FEC8B0000-0x0000024FEC8C0000-memory.dmp

Filesize
64KB

Download
memory/804-172-0x0000024FEC880000-0x0000024FEC890000-memory.dmp

Filesize
64KB

Download
memory/804-171-0x0000024FEC870000-0x0000024FEC880000-memory.dmp

Filesize
64KB

Download
memory/804-170-0x0000024FEC860000-0x0000024FEC870000-memory.dmp

Filesize
64KB

Download
memory/804-169-0x0000024FEC840000-0x0000024FEC850000-memory.dmp

Filesize
64KB

Download
memory/804-167-0x0000024FEC830000-0x0000024FEC840000-memory.dmp

Filesize
64KB

Download
memory/804-166-0x0000024FEC820000-0x0000024FEC830000-memory.dmp

Filesize
64KB

Download
memory/804-165-0x0000024FEC810000-0x0000024FEC820000-memory.dmp

Filesize
64KB

Download
memory/804-164-0x0000024FEC800000-0x0000024FEC810000-memory.dmp

Filesize
64KB

Download
memory/804-163-0x0000024FEC8C0000-0x0000024FEC8D0000-memory.dmp

Filesize
64KB

Download
memory/804-162-0x0000024FEC7E0000-0x0000024FEC7F0000-memory.dmp

Filesize
64KB

Download
memory/804-161-0x0000024FEC7D0000-0x0000024FEC7E0000-memory.dmp

Filesize
64KB

Download
memory/804-160-0x0000024FEC7C0000-0x0000024FEC7D0000-memory.dmp

Filesize
64KB

Download
memory/804-159-0x0000024FEC7B0000-0x0000024FEC7C0000-memory.dmp

Filesize
64KB

Download
memory/804-158-0x0000024FEC790000-0x0000024FEC7A0000-memory.dmp

Filesize
64KB

Download
memory/804-157-0x0000024FEC7A0000-0x0000024FEC7B0000-memory.dmp

Filesize
64KB

Download
memory/804-156-0x0000024FEC780000-0x0000024FEC790000-memory.dmp

Filesize
64KB

Download
memory/804-155-0x0000024FEC770000-0x0000024FEC780000-memory.dmp

Filesize
64KB

Download
memory/804-154-0x0000024FEC760000-0x0000024FEC770000-memory.dmp

Filesize
64KB

Download
memory/804-153-0x0000024FEC750000-0x0000024FEC760000-memory.dmp

Filesize
64KB

Download
memory/804-20-0x0000024FEC750000-0x0000024FEC760000-memory.dmp

Filesize
64KB

Download
memory/804-21-0x0000024FEC760000-0x0000024FEC770000-memory.dmp

Filesize
64KB

Download
memory/804-17-0x0000024FEC740000-0x0000024FEC750000-memory.dmp

Filesize
64KB

Download
memory/804-16-0x0000024FEAC00000-0x0000024FEAC01000-memory.dmp

Filesize
4KB

Download
memory/804-152-0x0000024FEC740000-0x0000024FEC750000-memory.dmp

Filesize
64KB

Download
memory/804-151-0x0000024FEC730000-0x0000024FEC740000-memory.dmp

Filesize
64KB

Download
memory/804-150-0x0000024FEC720000-0x0000024FEC730000-memory.dmp

Filesize
64KB

Download
memory/804-149-0x0000024FEC4B0000-0x0000024FEC720000-memory.dmp

Filesize
2.4MB

Download
memory/804-2-0x0000024FEC4B0000-0x0000024FEC720000-memory.dmp

Filesize
2.4MB

Download
memory/804-14-0x0000024FEC730000-0x0000024FEC740000-memory.dmp

Filesize
64KB

Download
memory/804-12-0x0000024FEC720000-0x0000024FEC730000-memory.dmp

Filesize
64KB

Download
memory/1640-271-0x0000027B4A5A0000-0x0000027B4A5A1000-memory.dmp

Filesize
4KB

Download
memory/1640-245-0x0000027B4A5A0000-0x0000027B4A5A1000-memory.dmp

Filesize
4KB

Download
memory/1944-296-0x000001C324AD0000-0x000001C324AD1000-memory.dmp

Filesize
4KB

Download