lumma | 3621cbb7c16bb07b3636356e9f73788c95057b3fe7cba6850e8f3b2d0fda6dc5

Analysis

max time kernel
154s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
24/12/2023, 22:15

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

14f9e3ea623dccde8cc077de47dc6c1b.exe
Size

216KB
MD5

14f9e3ea623dccde8cc077de47dc6c1b
SHA1

e55644d8a8b366d94f6e05be56daed1ff7ca4241
SHA256

3621cbb7c16bb07b3636356e9f73788c95057b3fe7cba6850e8f3b2d0fda6dc5
SHA512

e35bae057c97a7fe2567ca1562a1c7418f66cd07d92f52cf364133b679677aadece02e28375e44c47d2ed81e458742b2911a0ec2d5c624749cea694edfbd46b4
SSDEEP

6144:6b3UYmL5+wp7XH51MnD9fpoh+WclrLqE:6beLpJXZ1b+WSyE

Score

10^/10

lumma metasploit backdoor stealer trojan upx

Malware Config

Extracted

Family

metasploit

Version

encoder/fnstenv_mov

Signatures

Detect Lumma Stealer payload V4 38 IoCs

resource	yara_rule
behavioral2/memory/2736-1-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/2736-3-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/2736-4-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/2736-5-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/2736-12-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/3408-17-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/3408-18-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/3408-19-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/3408-20-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/1292-28-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/1292-26-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/1292-29-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/1292-30-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/3216-37-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/3216-38-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/3216-39-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/3216-40-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4960-47-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4960-48-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4960-49-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4960-50-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4376-57-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4376-58-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4376-59-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4376-60-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/1868-68-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/1868-69-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/1868-70-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/1868-71-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/536-78-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/536-79-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/536-80-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/536-81-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4684-88-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4684-90-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4684-89-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/4684-91-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4
behavioral2/memory/2580-100-0x0000000000400000-0x0000000000481000-memory.dmp	family_lumma_v4

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit

Executes dropped EXE 18 IoCs

pid	Process
2524	globalpatch.exe
3408	globalpatch.exe
3416	globalpatch.exe
1292	globalpatch.exe
4924	globalpatch.exe
3216	globalpatch.exe
4032	globalpatch.exe
4960	globalpatch.exe
4760	globalpatch.exe
4376	globalpatch.exe
2560	globalpatch.exe
1868	globalpatch.exe
4760	globalpatch.exe
536	globalpatch.exe
4432	globalpatch.exe
4684	globalpatch.exe
4304	globalpatch.exe
2580	globalpatch.exe

UPX packed file 13 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2440-0-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2440-2-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/files/0x000600000002320f-11.dat	upx
behavioral2/memory/2524-16-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/3416-27-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4924-36-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4032-46-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4760-56-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2560-62-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/2560-67-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4760-77-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4432-87-0x0000000000400000-0x000000000044B000-memory.dmp	upx
behavioral2/memory/4304-97-0x0000000000400000-0x000000000044B000-memory.dmp	upx

Drops file in System32 directory 20 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File opened for modification	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File created	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File created	C:\Windows\SysWOW64\globalpatch.exe	14f9e3ea623dccde8cc077de47dc6c1b.exe
File opened for modification	C:\Windows\SysWOW64\globalpatch.exe	14f9e3ea623dccde8cc077de47dc6c1b.exe
File opened for modification	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File opened for modification	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File opened for modification	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File created	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File created	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File opened for modification	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File created	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File created	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File created	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File opened for modification	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File opened for modification	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File opened for modification	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File created	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File created	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe
File opened for modification	C:\Windows\SysWOW64\globalpatch.exe	globalpatch.exe

Suspicious use of SetThreadContext 10 IoCs

description	pid	Process	procid_target
PID 2440 set thread context of 2736	2440	14f9e3ea623dccde8cc077de47dc6c1b.exe	88
PID 2524 set thread context of 3408	2524	globalpatch.exe	91
PID 3416 set thread context of 1292	3416	globalpatch.exe	100
PID 4924 set thread context of 3216	4924	globalpatch.exe	104
PID 4032 set thread context of 4960	4032	globalpatch.exe	109
PID 4760 set thread context of 4376	4760	globalpatch.exe	111
PID 2560 set thread context of 1868	2560	globalpatch.exe	116
PID 4760 set thread context of 536	4760	globalpatch.exe	118
PID 4432 set thread context of 4684	4432	globalpatch.exe	120
PID 4304 set thread context of 2580	4304	globalpatch.exe	128

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2736	2440	14f9e3ea623dccde8cc077de47dc6c1b.exe	88
PID 2440 wrote to memory of 2736	2440	14f9e3ea623dccde8cc077de47dc6c1b.exe	88
PID 2440 wrote to memory of 2736	2440	14f9e3ea623dccde8cc077de47dc6c1b.exe	88
PID 2440 wrote to memory of 2736	2440	14f9e3ea623dccde8cc077de47dc6c1b.exe	88
PID 2440 wrote to memory of 2736	2440	14f9e3ea623dccde8cc077de47dc6c1b.exe	88
PID 2440 wrote to memory of 2736	2440	14f9e3ea623dccde8cc077de47dc6c1b.exe	88
PID 2440 wrote to memory of 2736	2440	14f9e3ea623dccde8cc077de47dc6c1b.exe	88
PID 2440 wrote to memory of 2736	2440	14f9e3ea623dccde8cc077de47dc6c1b.exe	88
PID 2736 wrote to memory of 2524	2736	14f9e3ea623dccde8cc077de47dc6c1b.exe	90
PID 2736 wrote to memory of 2524	2736	14f9e3ea623dccde8cc077de47dc6c1b.exe	90
PID 2736 wrote to memory of 2524	2736	14f9e3ea623dccde8cc077de47dc6c1b.exe	90
PID 2524 wrote to memory of 3408	2524	globalpatch.exe	91
PID 2524 wrote to memory of 3408	2524	globalpatch.exe	91
PID 2524 wrote to memory of 3408	2524	globalpatch.exe	91
PID 2524 wrote to memory of 3408	2524	globalpatch.exe	91
PID 2524 wrote to memory of 3408	2524	globalpatch.exe	91
PID 2524 wrote to memory of 3408	2524	globalpatch.exe	91
PID 2524 wrote to memory of 3408	2524	globalpatch.exe	91
PID 2524 wrote to memory of 3408	2524	globalpatch.exe	91
PID 3408 wrote to memory of 3416	3408	globalpatch.exe	99
PID 3408 wrote to memory of 3416	3408	globalpatch.exe	99
PID 3408 wrote to memory of 3416	3408	globalpatch.exe	99
PID 3416 wrote to memory of 1292	3416	globalpatch.exe	100
PID 3416 wrote to memory of 1292	3416	globalpatch.exe	100
PID 3416 wrote to memory of 1292	3416	globalpatch.exe	100
PID 3416 wrote to memory of 1292	3416	globalpatch.exe	100
PID 3416 wrote to memory of 1292	3416	globalpatch.exe	100
PID 3416 wrote to memory of 1292	3416	globalpatch.exe	100
PID 3416 wrote to memory of 1292	3416	globalpatch.exe	100
PID 3416 wrote to memory of 1292	3416	globalpatch.exe	100
PID 1292 wrote to memory of 4924	1292	globalpatch.exe	103
PID 1292 wrote to memory of 4924	1292	globalpatch.exe	103
PID 1292 wrote to memory of 4924	1292	globalpatch.exe	103
PID 4924 wrote to memory of 3216	4924	globalpatch.exe	104
PID 4924 wrote to memory of 3216	4924	globalpatch.exe	104
PID 4924 wrote to memory of 3216	4924	globalpatch.exe	104
PID 4924 wrote to memory of 3216	4924	globalpatch.exe	104
PID 4924 wrote to memory of 3216	4924	globalpatch.exe	104
PID 4924 wrote to memory of 3216	4924	globalpatch.exe	104
PID 4924 wrote to memory of 3216	4924	globalpatch.exe	104
PID 4924 wrote to memory of 3216	4924	globalpatch.exe	104
PID 3216 wrote to memory of 4032	3216	globalpatch.exe	108
PID 3216 wrote to memory of 4032	3216	globalpatch.exe	108
PID 3216 wrote to memory of 4032	3216	globalpatch.exe	108
PID 4032 wrote to memory of 4960	4032	globalpatch.exe	109
PID 4032 wrote to memory of 4960	4032	globalpatch.exe	109
PID 4032 wrote to memory of 4960	4032	globalpatch.exe	109
PID 4032 wrote to memory of 4960	4032	globalpatch.exe	109
PID 4032 wrote to memory of 4960	4032	globalpatch.exe	109
PID 4032 wrote to memory of 4960	4032	globalpatch.exe	109
PID 4032 wrote to memory of 4960	4032	globalpatch.exe	109
PID 4032 wrote to memory of 4960	4032	globalpatch.exe	109
PID 4960 wrote to memory of 4760	4960	globalpatch.exe	110
PID 4960 wrote to memory of 4760	4960	globalpatch.exe	110
PID 4960 wrote to memory of 4760	4960	globalpatch.exe	110
PID 4760 wrote to memory of 4376	4760	globalpatch.exe	111
PID 4760 wrote to memory of 4376	4760	globalpatch.exe	111
PID 4760 wrote to memory of 4376	4760	globalpatch.exe	111
PID 4760 wrote to memory of 4376	4760	globalpatch.exe	111
PID 4760 wrote to memory of 4376	4760	globalpatch.exe	111
PID 4760 wrote to memory of 4376	4760	globalpatch.exe	111
PID 4760 wrote to memory of 4376	4760	globalpatch.exe	111
PID 4760 wrote to memory of 4376	4760	globalpatch.exe	111
PID 4376 wrote to memory of 2560	4376	globalpatch.exe	115

C:\Users\Admin\AppData\Local\Temp\14f9e3ea623dccde8cc077de47dc6c1b.exe
"C:\Users\Admin\AppData\Local\Temp\14f9e3ea623dccde8cc077de47dc6c1b.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Users\Admin\AppData\Local\Temp\14f9e3ea623dccde8cc077de47dc6c1b.exe
  "C:\Users\Admin\AppData\Local\Temp\14f9e3ea623dccde8cc077de47dc6c1b.exe"
  2⤵
  - Drops file in System32 directory
  - Suspicious use of WriteProcessMemory
  PID:2736
- - C:\Windows\SysWOW64\globalpatch.exe
    C:\Windows\system32\globalpatch.exe 1084 "C:\Users\Admin\AppData\Local\Temp\14f9e3ea623dccde8cc077de47dc6c1b.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetThreadContext
    - Suspicious use of WriteProcessMemory
    PID:2524
  - - C:\Windows\SysWOW64\globalpatch.exe
      1084 "C:\Users\Admin\AppData\Local\Temp\14f9e3ea623dccde8cc077de47dc6c1b.exe"
      4⤵
      Executes dropped EXE
      Drops file in System32 directory
      Suspicious use of WriteProcessMemory
      PID:3408
    - - C:\Windows\SysWOW64\globalpatch.exe
        
        C:\Windows\system32\globalpatch.exe 1124 "C:\Windows\SysWOW64\globalpatch.exe"
        5⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:3416
      - C:\Windows\SysWOW64\globalpatch.exe
        
        1124 "C:\Windows\SysWOW64\globalpatch.exe"
        6⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:1292
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        C:\Windows\system32\globalpatch.exe 1092 "C:\Windows\SysWOW64\globalpatch.exe"
        7⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4924
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        1092 "C:\Windows\SysWOW64\globalpatch.exe"
        8⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:3216
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        C:\Windows\system32\globalpatch.exe 972 "C:\Windows\SysWOW64\globalpatch.exe"
        9⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4032
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        972 "C:\Windows\SysWOW64\globalpatch.exe"
        10⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4960
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        C:\Windows\system32\globalpatch.exe 1100 "C:\Windows\SysWOW64\globalpatch.exe"
        11⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        Suspicious use of WriteProcessMemory
        
        PID:4760
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        1100 "C:\Windows\SysWOW64\globalpatch.exe"
        12⤵
        Executes dropped EXE
        Drops file in System32 directory
        Suspicious use of WriteProcessMemory
        
        PID:4376
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        C:\Windows\system32\globalpatch.exe 1092 "C:\Windows\SysWOW64\globalpatch.exe"
        13⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:2560
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        1092 "C:\Windows\SysWOW64\globalpatch.exe"
        14⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:1868
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        C:\Windows\system32\globalpatch.exe 1092 "C:\Windows\SysWOW64\globalpatch.exe"
        15⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4760
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        1092 "C:\Windows\SysWOW64\globalpatch.exe"
        16⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:536
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        C:\Windows\system32\globalpatch.exe 1096 "C:\Windows\SysWOW64\globalpatch.exe"
        17⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4432
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        1096 "C:\Windows\SysWOW64\globalpatch.exe"
        18⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:4684
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        C:\Windows\system32\globalpatch.exe 1092 "C:\Windows\SysWOW64\globalpatch.exe"
        19⤵
        Executes dropped EXE
        Suspicious use of SetThreadContext
        
        PID:4304
        
        C:\Windows\SysWOW64\globalpatch.exe
        
        1092 "C:\Windows\SysWOW64\globalpatch.exe"
        20⤵
        Executes dropped EXE
        Drops file in System32 directory
        
        PID:2580

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Windows\SysWOW64\globalpatch.exe

Filesize
216KB

MD5
14f9e3ea623dccde8cc077de47dc6c1b

SHA1
e55644d8a8b366d94f6e05be56daed1ff7ca4241

SHA256
3621cbb7c16bb07b3636356e9f73788c95057b3fe7cba6850e8f3b2d0fda6dc5

SHA512
e35bae057c97a7fe2567ca1562a1c7418f66cd07d92f52cf364133b679677aadece02e28375e44c47d2ed81e458742b2911a0ec2d5c624749cea694edfbd46b4

Download Submit
memory/536-78-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/536-79-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/536-81-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/536-80-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1292-30-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1292-29-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1292-26-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1292-28-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1868-69-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1868-70-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1868-68-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/1868-71-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2440-0-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2440-2-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2524-16-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2560-62-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2560-67-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/2580-100-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2736-12-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2736-5-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2736-4-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2736-3-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/2736-1-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3216-38-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3216-39-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3216-40-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3216-37-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3408-20-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3408-17-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3408-18-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3408-19-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/3416-27-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4032-46-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4304-97-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4376-58-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4376-59-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4376-60-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4376-57-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4432-87-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4684-91-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4684-88-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4684-90-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4684-89-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4760-77-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4760-56-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4924-36-0x0000000000400000-0x000000000044B000-memory.dmp

Filesize
300KB

Download
memory/4960-47-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4960-48-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4960-49-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download
memory/4960-50-0x0000000000400000-0x0000000000481000-memory.dmp

Filesize
516KB

Download