60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
22/09/2023, 17:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe
Size

26KB
MD5

751f30fc1993b036c41fd04da011f3f9
SHA1

8fc886fdd7e08c0f0a0600f74d596409872adad8
SHA256

60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d
SHA512

90b6da7e07b66a6cf1723d4b8246f78280451f83851a66d53da3158bca9e61f531f6eff6671efba586599771fbbfca387bfb213751f170ac90d9a9e1a822cb83
SSDEEP

384:bJJo2hYvWMUMGYZakk1RZxVTcK93MTW4g1CwL1+b+/cG7m3MXhJD0m3Htp:UEHHTZrTv3M41v1+bpCrXhJgm3Htp

Score

8^/10

spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1141987721-3945596982-3297311814-1000\Control Panel\International\Geo\Nation	file-235.tmp

Drops startup file 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uranium Security.lnk	file-235.tmp

Executes dropped EXE 6 IoCs

pid	Process
1056	file.exe
3956	file-235.exe
2000	file-235.tmp
3120	file-235.exe
3716	file-235.tmp
4864	meltdown.exe

Loads dropped DLL 2 IoCs

pid	Process
2000	file-235.tmp
3716	file-235.tmp

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
19	ip-api.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 1 IoCs

evasion

pid	Process
4904	timeout.exe

Gathers system information 1 TTPs 1 IoCs

Runs systeminfo.exe.

System Information Discovery

T1082

pid	Process
1860	systeminfo.exe

GoLang User-Agent 3 IoCs

Uses default user-agent string defined by GoLang HTTP packages.

description	flow	ioc
HTTP User-Agent header	20	Go-http-client/1.1
HTTP User-Agent header	22	Go-http-client/1.1
HTTP User-Agent header	26	Go-http-client/1.1

Kills process with taskkill 1 IoCs

evasion

pid	Process
4044	taskkill.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
5044	60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe
3716	file-235.tmp
3716	file-235.tmp

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5044	60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe
Token: SeDebugPrivilege	4044	taskkill.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
3716	file-235.tmp

Suspicious use of WriteProcessMemory 33 IoCs

description	pid	Process	procid_target
PID 5044 wrote to memory of 1056	5044	60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe	85
PID 5044 wrote to memory of 1056	5044	60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe	85
PID 5044 wrote to memory of 1056	5044	60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe	85
PID 5044 wrote to memory of 3956	5044	60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe	86
PID 5044 wrote to memory of 3956	5044	60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe	86
PID 5044 wrote to memory of 3956	5044	60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe	86
PID 3956 wrote to memory of 2000	3956	file-235.exe	87
PID 3956 wrote to memory of 2000	3956	file-235.exe	87
PID 3956 wrote to memory of 2000	3956	file-235.exe	87
PID 2000 wrote to memory of 3120	2000	file-235.tmp	88
PID 2000 wrote to memory of 3120	2000	file-235.tmp	88
PID 2000 wrote to memory of 3120	2000	file-235.tmp	88
PID 3120 wrote to memory of 3716	3120	file-235.exe	89
PID 3120 wrote to memory of 3716	3120	file-235.exe	89
PID 3120 wrote to memory of 3716	3120	file-235.exe	89
PID 3716 wrote to memory of 4044	3716	file-235.tmp	90
PID 3716 wrote to memory of 4044	3716	file-235.tmp	90
PID 3716 wrote to memory of 4044	3716	file-235.tmp	90
PID 1056 wrote to memory of 1860	1056	file.exe	93
PID 1056 wrote to memory of 1860	1056	file.exe	93
PID 1056 wrote to memory of 1860	1056	file.exe	93
PID 3716 wrote to memory of 4864	3716	file-235.tmp	95
PID 3716 wrote to memory of 4864	3716	file-235.tmp	95
PID 3716 wrote to memory of 4864	3716	file-235.tmp	95
PID 3716 wrote to memory of 4332	3716	file-235.tmp	96
PID 3716 wrote to memory of 4332	3716	file-235.tmp	96
PID 3716 wrote to memory of 4332	3716	file-235.tmp	96
PID 1056 wrote to memory of 856	1056	file.exe	102
PID 1056 wrote to memory of 856	1056	file.exe	102
PID 1056 wrote to memory of 856	1056	file.exe	102
PID 856 wrote to memory of 4904	856	cmd.exe	104
PID 856 wrote to memory of 4904	856	cmd.exe	104
PID 856 wrote to memory of 4904	856	cmd.exe	104

C:\Users\Admin\AppData\Local\Temp\60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe
"C:\Users\Admin\AppData\Local\Temp\60ba10a5bdafa65987f36aa9ba884f686e36788bea22a7f6a7026fa18cbbab1d.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5044
- C:\Users\Admin\AppData\Local\Temp\file.exe
  "C:\Users\Admin\AppData\Local\Temp\file.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:1056
- - C:\Windows\SysWOW64\systeminfo.exe
    systeminfo
    3⤵
    - Gathers system information
    PID:1860
- - C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\cmd.exe /Ctimeout 5 && del "C:\Users\Admin\AppData\Local\Temp\file.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:856
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 5
      4⤵
      Delays execution with timeout.exe
      PID:4904
- C:\Users\Admin\AppData\Local\Temp\file-235.exe
  "C:\Users\Admin\AppData\Local\Temp\file-235.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:3956
- - C:\Users\Admin\AppData\Local\Temp\is-PLFBN.tmp\file-235.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-PLFBN.tmp\file-235.tmp" /SL5="$401CE,269882,180224,C:\Users\Admin\AppData\Local\Temp\file-235.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:2000
  - - C:\Users\Admin\AppData\Local\Temp\file-235.exe
      "C:\Users\Admin\AppData\Local\Temp\file-235.exe" /verysilent /sp-
      4⤵
      Executes dropped EXE
      Suspicious use of WriteProcessMemory
      PID:3120
    - - C:\Users\Admin\AppData\Local\Temp\is-6HJE0.tmp\file-235.tmp
        
        "C:\Users\Admin\AppData\Local\Temp\is-6HJE0.tmp\file-235.tmp" /SL5="$501CE,269882,180224,C:\Users\Admin\AppData\Local\Temp\file-235.exe" /verysilent /sp-
        5⤵
        Drops startup file
        Executes dropped EXE
        Loads dropped DLL
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        Suspicious use of WriteProcessMemory
        
        PID:3716
      - C:\Windows\SysWOW64\taskkill.exe
        
        "taskkill" /f /im "Lometsim.exe"
        6⤵
        Kills process with taskkill
        Suspicious use of AdjustPrivilegeToken
        
        PID:4044
      - C:\Uranium-235\meltdown.exe
        
        "\Uranium-235\meltdown.exe" \Uranium-235\nuclear.aul
        6⤵
        Executes dropped EXE
        
        PID:4864
      - C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\Upertemitn.bat""
        6⤵
        
        PID:4332

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Uranium-235\Lometsim.ini

Filesize
8B

MD5
24a2fa87066d57b44a63b406d034c7d5

SHA1
ee446d4b54378dd4a512b08953e69bd9076b8312

SHA256
9668292f256a3f8bec137b916a535139749530dd50a1a003dd0093e07aa29bd4

SHA512
0025e506d721d9aa97529470e6cbf14f68dae5ca5ec7f9f7399862e9b773dac37f4387ca904f956a053959657a92bf5a3b0dc80f6608fcf445ffd8b628514d27

Download Submit
C:\Uranium-235\meltdown.exe

Filesize
363KB

MD5
2efd05a33e44926b3c95798b882101d7

SHA1
fa3b855f4a18360bf58d21ee05c99e05038cb306

SHA256
ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc

SHA512
1cd78cc08d961e60c85e146b7489450f3fc8939c7123981d07513feebb9e9fa005a4274cc56d3f6b80c0cd069d3875337eaf196010cd2d9bb3efc549df1195bf

Download Submit
C:\Uranium-235\meltdown.exe

Filesize
363KB

MD5
2efd05a33e44926b3c95798b882101d7

SHA1
fa3b855f4a18360bf58d21ee05c99e05038cb306

SHA256
ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc

SHA512
1cd78cc08d961e60c85e146b7489450f3fc8939c7123981d07513feebb9e9fa005a4274cc56d3f6b80c0cd069d3875337eaf196010cd2d9bb3efc549df1195bf

Download Submit
C:\Uranium-235\meltdown.exe

Filesize
363KB

MD5
2efd05a33e44926b3c95798b882101d7

SHA1
fa3b855f4a18360bf58d21ee05c99e05038cb306

SHA256
ae4c975bdaa91128595a0742e998703c0e9b270e8dfff42924c8479b1b8bdacc

SHA512
1cd78cc08d961e60c85e146b7489450f3fc8939c7123981d07513feebb9e9fa005a4274cc56d3f6b80c0cd069d3875337eaf196010cd2d9bb3efc549df1195bf

Download Submit
C:\Uranium-235\nuclear.aul

Filesize
2KB

MD5
3761a41b1adc90399a2b6663b0cbc5bc

SHA1
9a2ebae531171b2dfc9ffb1b2c586a333bc13706

SHA256
cfd7a6cadcafe26126c35c9e04a2e5eca4377785094d7780b453488bcca8f250

SHA512
2b12fd34b4410622d2bc690fec9488d88222c63e39026896a9b64cb67cf2838c003c9e2561f1aa7099274447c9077461f6534e0f7ccb99e7fd3b178901668ee1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Upertemitn.bat

Filesize
138B

MD5
b845751888a9277b219cd7d1ccbffef6

SHA1
66212d8284a04902f5095945834292c6cf149ed8

SHA256
e8d0e58ce534531fb2b585df3ac0af6fc91c939f424b73f232ead6e131871d9a

SHA512
23baaa296a6ec329b1a9d67df95bf50d07028fbfea32d8afbb5904c3c92f510ec0308ffdb313017d703cd7dba47100771963a259fb78619f0644bf291ba0cade

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hpbwth35.hfs.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\file-235.exe

Filesize
744KB

MD5
ace147cef2116853ecc46a2033dd6428

SHA1
71dd40687f503c72b9a5a4051ed61b523d8f98b5

SHA256
36ffe3d8a0b23ce2d6af158c493daf1daf6667a4c4b0d4a4ea017bd40f748893

SHA512
e2cbbc21f57abaa04620d1f65d97277d385c83edb83273c19e487e5e0074b8756105208df26403362dea37b4013041f358d89034749fabba91b3d773aac156ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\file-235.exe

Filesize
744KB

MD5
ace147cef2116853ecc46a2033dd6428

SHA1
71dd40687f503c72b9a5a4051ed61b523d8f98b5

SHA256
36ffe3d8a0b23ce2d6af158c493daf1daf6667a4c4b0d4a4ea017bd40f748893

SHA512
e2cbbc21f57abaa04620d1f65d97277d385c83edb83273c19e487e5e0074b8756105208df26403362dea37b4013041f358d89034749fabba91b3d773aac156ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\file-235.exe

Filesize
744KB

MD5
ace147cef2116853ecc46a2033dd6428

SHA1
71dd40687f503c72b9a5a4051ed61b523d8f98b5

SHA256
36ffe3d8a0b23ce2d6af158c493daf1daf6667a4c4b0d4a4ea017bd40f748893

SHA512
e2cbbc21f57abaa04620d1f65d97277d385c83edb83273c19e487e5e0074b8756105208df26403362dea37b4013041f358d89034749fabba91b3d773aac156ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\file-235.exe

Filesize
744KB

MD5
ace147cef2116853ecc46a2033dd6428

SHA1
71dd40687f503c72b9a5a4051ed61b523d8f98b5

SHA256
36ffe3d8a0b23ce2d6af158c493daf1daf6667a4c4b0d4a4ea017bd40f748893

SHA512
e2cbbc21f57abaa04620d1f65d97277d385c83edb83273c19e487e5e0074b8756105208df26403362dea37b4013041f358d89034749fabba91b3d773aac156ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.exe

Filesize
4.8MB

MD5
417cfabeee01bee425e071a9d8828170

SHA1
3818e63e787e44eb42dc1609550660ece5fa8daf

SHA256
88ceea988a4b66edfa194eae2aaf50951c6fbbc7d5aa8d19351d36531667fd89

SHA512
df600875b4b0909d55f8540143419edd9adcd53c345af27dd975ec7de5f8b46aa5b2ce791331c38c2be6a1e84ef415eedc1fc132376f4f6204b31a1318a4e027

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.exe

Filesize
4.8MB

MD5
417cfabeee01bee425e071a9d8828170

SHA1
3818e63e787e44eb42dc1609550660ece5fa8daf

SHA256
88ceea988a4b66edfa194eae2aaf50951c6fbbc7d5aa8d19351d36531667fd89

SHA512
df600875b4b0909d55f8540143419edd9adcd53c345af27dd975ec7de5f8b46aa5b2ce791331c38c2be6a1e84ef415eedc1fc132376f4f6204b31a1318a4e027

Download Submit
C:\Users\Admin\AppData\Local\Temp\file.exe

Filesize
4.8MB

MD5
417cfabeee01bee425e071a9d8828170

SHA1
3818e63e787e44eb42dc1609550660ece5fa8daf

SHA256
88ceea988a4b66edfa194eae2aaf50951c6fbbc7d5aa8d19351d36531667fd89

SHA512
df600875b4b0909d55f8540143419edd9adcd53c345af27dd975ec7de5f8b46aa5b2ce791331c38c2be6a1e84ef415eedc1fc132376f4f6204b31a1318a4e027

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6HJE0.tmp\file-235.tmp

Filesize
1.5MB

MD5
b1b79e7b4215cd739aa415cc5c7b023b

SHA1
60d893ef8ef07149729f1e1f4a693c1dd6c478a9

SHA256
bd716e0bd9d5b924e95db83c0e58653d8466f600fedbb1bd4513f2c4859bb51d

SHA512
7e87298a3dd305e1cd40edea07b3660063e88f3fd3af45f19efe0a28a242131ca45dadbf01f072f7d1a8ff1007a23b34159355067ef31c3a316071b03e795ff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-6HJE0.tmp\file-235.tmp

Filesize
1.5MB

MD5
b1b79e7b4215cd739aa415cc5c7b023b

SHA1
60d893ef8ef07149729f1e1f4a693c1dd6c478a9

SHA256
bd716e0bd9d5b924e95db83c0e58653d8466f600fedbb1bd4513f2c4859bb51d

SHA512
7e87298a3dd305e1cd40edea07b3660063e88f3fd3af45f19efe0a28a242131ca45dadbf01f072f7d1a8ff1007a23b34159355067ef31c3a316071b03e795ff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-LPURB.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N4G8L.tmp\_isetup\_shfoldr.dll

Filesize
22KB

MD5
92dc6ef532fbb4a5c3201469a5b5eb63

SHA1
3e89ff837147c16b4e41c30d6c796374e0b8e62c

SHA256
9884e9d1b4f8a873ccbd81f8ad0ae257776d2348d027d811a56475e028360d87

SHA512
9908e573921d5dbc3454a1c0a6c969ab8a81cc2e8b5385391d46b1a738fb06a76aa3282e0e58d0d2ffa6f27c85668cd5178e1500b8a39b1bbae04366ae6a86d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N4G8L.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-N4G8L.tmp\idp.dll

Filesize
232KB

MD5
55c310c0319260d798757557ab3bf636

SHA1
0892eb7ed31d8bb20a56c6835990749011a2d8de

SHA256
54e7e0ad32a22b775131a6288f083ed3286a9a436941377fc20f85dd9ad983ed

SHA512
e0082109737097658677d7963cbf28d412dca3fa8f5812c2567e53849336ce45ebae2c0430df74bfe16c0f3eebb46961bc1a10f32ca7947692a900162128ae57

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PLFBN.tmp\file-235.tmp

Filesize
1.5MB

MD5
b1b79e7b4215cd739aa415cc5c7b023b

SHA1
60d893ef8ef07149729f1e1f4a693c1dd6c478a9

SHA256
bd716e0bd9d5b924e95db83c0e58653d8466f600fedbb1bd4513f2c4859bb51d

SHA512
7e87298a3dd305e1cd40edea07b3660063e88f3fd3af45f19efe0a28a242131ca45dadbf01f072f7d1a8ff1007a23b34159355067ef31c3a316071b03e795ff5

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-PLFBN.tmp\file-235.tmp

Filesize
1.5MB

MD5
b1b79e7b4215cd739aa415cc5c7b023b

SHA1
60d893ef8ef07149729f1e1f4a693c1dd6c478a9

SHA256
bd716e0bd9d5b924e95db83c0e58653d8466f600fedbb1bd4513f2c4859bb51d

SHA512
7e87298a3dd305e1cd40edea07b3660063e88f3fd3af45f19efe0a28a242131ca45dadbf01f072f7d1a8ff1007a23b34159355067ef31c3a316071b03e795ff5

Download Submit
memory/1056-96-0x0000000000650000-0x0000000000B4A000-memory.dmp

Filesize
5.0MB

Download
memory/1056-97-0x0000000000650000-0x0000000000B4A000-memory.dmp

Filesize
5.0MB

Download
memory/2000-42-0x0000000002200000-0x0000000002201000-memory.dmp

Filesize
4KB

Download
memory/2000-59-0x0000000000400000-0x0000000000582000-memory.dmp

Filesize
1.5MB

Download
memory/3120-57-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3120-94-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3716-91-0x0000000000400000-0x0000000000582000-memory.dmp

Filesize
1.5MB

Download
memory/3716-65-0x0000000000770000-0x0000000000771000-memory.dmp

Filesize
4KB

Download
memory/3956-60-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/3956-36-0x0000000000400000-0x0000000000436000-memory.dmp

Filesize
216KB

Download
memory/4864-99-0x0000000000400000-0x0000000000460000-memory.dmp

Filesize
384KB

Download
memory/5044-0-0x0000000000610000-0x000000000061C000-memory.dmp

Filesize
48KB

Download
memory/5044-12-0x000000001B370000-0x000000001B392000-memory.dmp

Filesize
136KB

Download
memory/5044-11-0x000000001B430000-0x000000001B440000-memory.dmp

Filesize
64KB

Download
memory/5044-10-0x00007FF86D7E0000-0x00007FF86E2A1000-memory.dmp

Filesize
10.8MB

Download
memory/5044-34-0x00007FF86D7E0000-0x00007FF86E2A1000-memory.dmp

Filesize
10.8MB

Download