luminosity | c98e242323138170045011f3ab41dc6a811e7ed7fd27a98e6d12bef5da72181a

Analysis

max time kernel
131s
max time network
145s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28-12-2023 21:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f9d78ddd7ef2f4200e83aa452d03192c.exe
Size

411KB
MD5

f9d78ddd7ef2f4200e83aa452d03192c
SHA1

979824983e7ff0faf2c3f98c5ddad74c40d0ea7e
SHA256

c98e242323138170045011f3ab41dc6a811e7ed7fd27a98e6d12bef5da72181a
SHA512

286737f8b8b731e66e8ac9cc3aee7e38ad8a6bd3666be23204a3a0908de1c27faa7d73974546eec061e7f3bcd6ae0c75743a342630c79e30c2c94be37f182ea0
SSDEEP

12288:CJKuu0b2YF4NCI+48ykABbPCpmj+uJoSznCn:TqSz4I+48yVBbPCpmSgI

Score

10^/10

luminosity rat

Malware Config

Signatures

Luminosity
Luminosity is a RAT family that was on sale, while claiming to be a system administration utility.
rat luminosity

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

f9d78ddd7ef2f4200e83aa452d03192c.exeadobeupdater.exeadobeupdater.exeadobeupdater.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	f9d78ddd7ef2f4200e83aa452d03192c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	adobeupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	adobeupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	adobeupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	adobeupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	adobeupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	adobeupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	f9d78ddd7ef2f4200e83aa452d03192c.exe

Executes dropped EXE 6 IoCs

Processes:

adobeupdater.exeadobeupdater.exeadobeupdater.exeadobeupdater.exeadobeupdater.exeadobeupdater.exe

pid process

3016 adobeupdater.exe
636 adobeupdater.exe
1688 adobeupdater.exe
2700 adobeupdater.exe
1840 adobeupdater.exe
2576 adobeupdater.exe
Loads dropped DLL 3 IoCs

Processes:

adobeupdater.exeadobeupdater.exeadobeupdater.exe

pid process

3016 adobeupdater.exe
1688 adobeupdater.exe
1840 adobeupdater.exe

pid	process
3016	adobeupdater.exe
636	adobeupdater.exe
1688	adobeupdater.exe
2700	adobeupdater.exe
1840	adobeupdater.exe
2576	adobeupdater.exe

pid	process
3016	adobeupdater.exe
1688	adobeupdater.exe
1840	adobeupdater.exe

Suspicious use of SetThreadContext 4 IoCs

Processes:

f9d78ddd7ef2f4200e83aa452d03192c.exeadobeupdater.exeadobeupdater.exeadobeupdater.exe

description	pid	process	target process
PID 2884 set thread context of 2636	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	f9d78ddd7ef2f4200e83aa452d03192c.exe
PID 3016 set thread context of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 1688 set thread context of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1840 set thread context of 2576	1840	adobeupdater.exe	adobeupdater.exe

Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

2848 schtasks.exe

pid	process
2848	schtasks.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

adobeupdater.exef9d78ddd7ef2f4200e83aa452d03192c.exeadobeupdater.exeadobeupdater.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	adobeupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	f9d78ddd7ef2f4200e83aa452d03192c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	adobeupdater.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	adobeupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	adobeupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	adobeupdater.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	adobeupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	adobeupdater.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	f9d78ddd7ef2f4200e83aa452d03192c.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	f9d78ddd7ef2f4200e83aa452d03192c.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	adobeupdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	adobeupdater.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

f9d78ddd7ef2f4200e83aa452d03192c.exeadobeupdater.exeadobeupdater.exeadobeupdater.exe

pid	process
2884	f9d78ddd7ef2f4200e83aa452d03192c.exe
2884	f9d78ddd7ef2f4200e83aa452d03192c.exe
2884	f9d78ddd7ef2f4200e83aa452d03192c.exe
2884	f9d78ddd7ef2f4200e83aa452d03192c.exe
2884	f9d78ddd7ef2f4200e83aa452d03192c.exe
2884	f9d78ddd7ef2f4200e83aa452d03192c.exe
2884	f9d78ddd7ef2f4200e83aa452d03192c.exe
3016	adobeupdater.exe
3016	adobeupdater.exe
3016	adobeupdater.exe
3016	adobeupdater.exe
3016	adobeupdater.exe
3016	adobeupdater.exe
3016	adobeupdater.exe
1688	adobeupdater.exe
1688	adobeupdater.exe
1688	adobeupdater.exe
1688	adobeupdater.exe
1688	adobeupdater.exe
1688	adobeupdater.exe
1688	adobeupdater.exe
1840	adobeupdater.exe
1840	adobeupdater.exe
1840	adobeupdater.exe
1840	adobeupdater.exe
1840	adobeupdater.exe
1840	adobeupdater.exe
1840	adobeupdater.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

f9d78ddd7ef2f4200e83aa452d03192c.exeadobeupdater.exeadobeupdater.exeadobeupdater.exe

description	pid	process
Token: SeDebugPrivilege	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe
Token: SeDebugPrivilege	3016	adobeupdater.exe
Token: SeDebugPrivilege	1688	adobeupdater.exe
Token: SeDebugPrivilege	1840	adobeupdater.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

f9d78ddd7ef2f4200e83aa452d03192c.exe

pid process

2636 f9d78ddd7ef2f4200e83aa452d03192c.exe

pid	process
2636	f9d78ddd7ef2f4200e83aa452d03192c.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

f9d78ddd7ef2f4200e83aa452d03192c.exetaskeng.exeadobeupdater.exeadobeupdater.exeadobeupdater.exe

description	pid	process	target process
PID 2884 wrote to memory of 2848	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	schtasks.exe
PID 2884 wrote to memory of 2848	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	schtasks.exe
PID 2884 wrote to memory of 2848	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	schtasks.exe
PID 2884 wrote to memory of 2848	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	schtasks.exe
PID 2884 wrote to memory of 2636	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	f9d78ddd7ef2f4200e83aa452d03192c.exe
PID 2884 wrote to memory of 2636	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	f9d78ddd7ef2f4200e83aa452d03192c.exe
PID 2884 wrote to memory of 2636	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	f9d78ddd7ef2f4200e83aa452d03192c.exe
PID 2884 wrote to memory of 2636	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	f9d78ddd7ef2f4200e83aa452d03192c.exe
PID 2884 wrote to memory of 2636	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	f9d78ddd7ef2f4200e83aa452d03192c.exe
PID 2884 wrote to memory of 2636	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	f9d78ddd7ef2f4200e83aa452d03192c.exe
PID 2884 wrote to memory of 2636	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	f9d78ddd7ef2f4200e83aa452d03192c.exe
PID 2884 wrote to memory of 2636	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	f9d78ddd7ef2f4200e83aa452d03192c.exe
PID 2884 wrote to memory of 2636	2884	f9d78ddd7ef2f4200e83aa452d03192c.exe	f9d78ddd7ef2f4200e83aa452d03192c.exe
PID 2692 wrote to memory of 3016	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 3016	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 3016	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 3016	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 3016	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 3016	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 3016	2692	taskeng.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 3016 wrote to memory of 636	3016	adobeupdater.exe	adobeupdater.exe
PID 2692 wrote to memory of 1688	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1688	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1688	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1688	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1688	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1688	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1688	2692	taskeng.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 1688 wrote to memory of 2700	1688	adobeupdater.exe	adobeupdater.exe
PID 2692 wrote to memory of 1840	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1840	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1840	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1840	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1840	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1840	2692	taskeng.exe	adobeupdater.exe
PID 2692 wrote to memory of 1840	2692	taskeng.exe	adobeupdater.exe
PID 1840 wrote to memory of 2576	1840	adobeupdater.exe	adobeupdater.exe
PID 1840 wrote to memory of 2576	1840	adobeupdater.exe	adobeupdater.exe
PID 1840 wrote to memory of 2576	1840	adobeupdater.exe	adobeupdater.exe
PID 1840 wrote to memory of 2576	1840	adobeupdater.exe	adobeupdater.exe
PID 1840 wrote to memory of 2576	1840	adobeupdater.exe	adobeupdater.exe
PID 1840 wrote to memory of 2576	1840	adobeupdater.exe	adobeupdater.exe

C:\Users\Admin\AppData\Local\Temp\f9d78ddd7ef2f4200e83aa452d03192c.exe
"C:\Users\Admin\AppData\Local\Temp\f9d78ddd7ef2f4200e83aa452d03192c.exe"
1⤵
- Checks BIOS information in registry
- Suspicious use of SetThreadContext
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2884

C:\Windows\SysWOW64\schtasks.exe
schtasks /create /f /sc minute /mo 1 /tn test /tr "'C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe'"
2⤵
- Creates scheduled task(s)
PID:2848

C:\Users\Admin\AppData\Local\Temp\f9d78ddd7ef2f4200e83aa452d03192c.exe
"C:\Users\Admin\AppData\Local\Temp\f9d78ddd7ef2f4200e83aa452d03192c.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:2636

C:\Windows\system32\taskeng.exe
taskeng.exe {E0814D73-869D-47A5-B1B3-4D4315050192} S-1-5-21-3427588347-1492276948-3422228430-1000:QVMRJQQO\Admin:Interactive:[1]
1⤵
- Suspicious use of WriteProcessMemory
PID:2692

C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe
C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe
2⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3016

C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe
"C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe"
3⤵
- Executes dropped EXE
PID:636

C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe
C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe
2⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1688

C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe
"C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe"
3⤵
- Executes dropped EXE
PID:2700

C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe
C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe
2⤵
- Checks BIOS information in registry
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1840

C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe
"C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe"
3⤵
- Executes dropped EXE
PID:2576

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\adobeupdater.exe
Filesize
411KB

MD5
f9d78ddd7ef2f4200e83aa452d03192c

SHA1
979824983e7ff0faf2c3f98c5ddad74c40d0ea7e

SHA256
c98e242323138170045011f3ab41dc6a811e7ed7fd27a98e6d12bef5da72181a

SHA512
286737f8b8b731e66e8ac9cc3aee7e38ad8a6bd3666be23204a3a0908de1c27faa7d73974546eec061e7f3bcd6ae0c75743a342630c79e30c2c94be37f182ea0

Download Submit
memory/636-164-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/636-166-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/1688-170-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/1688-171-0x0000000000D40000-0x0000000000D80000-memory.dmp

Filesize
256KB

Download
memory/1688-230-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/1688-232-0x0000000000D40000-0x0000000000D80000-memory.dmp

Filesize
256KB

Download
memory/1688-234-0x00000000003E0000-0x00000000003E1000-memory.dmp

Filesize
4KB

Download
memory/1688-248-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/1688-250-0x0000000000D40000-0x0000000000D80000-memory.dmp

Filesize
256KB

Download
memory/1840-253-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/1840-313-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/1840-315-0x0000000000D10000-0x0000000000D50000-memory.dmp

Filesize
256KB

Download
memory/1840-317-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/1840-330-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/1840-331-0x0000000000D10000-0x0000000000D50000-memory.dmp

Filesize
256KB

Download
memory/2576-327-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2576-328-0x0000000000620000-0x0000000000660000-memory.dmp

Filesize
256KB

Download
memory/2576-329-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2576-332-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2636-66-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2636-62-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2636-168-0x0000000002150000-0x0000000002190000-memory.dmp

Filesize
256KB

Download
memory/2636-167-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2636-81-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2636-80-0x0000000002150000-0x0000000002190000-memory.dmp

Filesize
256KB

Download
memory/2636-79-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2636-64-0x0000000000400000-0x000000000043E000-memory.dmp

Filesize
248KB

Download
memory/2700-247-0x0000000000D40000-0x0000000000D80000-memory.dmp

Filesize
256KB

Download
memory/2700-246-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2700-251-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2700-249-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2884-34-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-58-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-52-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-40-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-0-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2884-76-0x0000000002310000-0x0000000002350000-memory.dmp

Filesize
256KB

Download
memory/2884-78-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2884-48-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-46-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-44-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-38-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-2-0x0000000002310000-0x0000000002350000-memory.dmp

Filesize
256KB

Download
memory/2884-42-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-3-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-4-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-28-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-32-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-6-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-8-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-56-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-1-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/2884-50-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-12-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-30-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-26-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-24-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-22-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-59-0x00000000003D0000-0x00000000003D1000-memory.dmp

Filesize
4KB

Download
memory/2884-36-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-18-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-20-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-61-0x0000000002310000-0x0000000002350000-memory.dmp

Filesize
256KB

Download
memory/2884-54-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-16-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-14-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/2884-10-0x00000000002B0000-0x00000000002C9000-memory.dmp

Filesize
100KB

Download
memory/3016-146-0x0000000001DF0000-0x0000000001E30000-memory.dmp

Filesize
256KB

Download
memory/3016-163-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/3016-165-0x0000000001DF0000-0x0000000001E30000-memory.dmp

Filesize
256KB

Download
memory/3016-145-0x0000000001DE0000-0x0000000001DE1000-memory.dmp

Filesize
4KB

Download
memory/3016-89-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download
memory/3016-86-0x0000000001DF0000-0x0000000001E30000-memory.dmp

Filesize
256KB

Download
memory/3016-85-0x0000000074670000-0x0000000074C1B000-memory.dmp

Filesize
5.7MB

Download