Overview

overview

10

Static

static

1

URLScan

urlscan

1

https://dl.dropboxus...

windows10-1703-x64

10

Analysis

  • max time kernel
    178s
  • max time network
    177s
  • platform
    windows10-1703_x64
  • resource
    win10-20240221-en
  • resource tags

    arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28/02/2024, 13:49

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    https://dl.dropboxusercontent.com/scl/fi/hln0vfbugwn340cdy2pbs/Project?rlkey=ir4ytxyhaasm4b3oy5hwhceb1

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://technologyenterdo.shop/api

https://detectordiscusser.shop/api

https://turkeyunlikelyofw.shop/api

https://associationokeo.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Executes dropped EXE 3 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Drops file in Windows directory 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • NTFS ADS 4 IoCs
  • Suspicious behavior: EnumeratesProcesses 12 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 3 IoCs
  • Suspicious behavior: MapViewOfSection 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 25 IoCs
  • Suspicious use of FindShellTrayWindow 10 IoCs
  • Suspicious use of SetWindowsHookEx 4 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs
  • Uses Task Scheduler COM API 1 TTPs

    The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

    persistence
  • Uses Volume Shadow Copy WMI provider

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

    ransomware

Processes

  • C:\Windows\system32\LaunchWinApp.exe
    "C:\Windows\system32\LaunchWinApp.exe" "https://dl.dropboxusercontent.com/scl/fi/hln0vfbugwn340cdy2pbs/Project?rlkey=ir4ytxyhaasm4b3oy5hwhceb1"
    1⤵
      PID:3076
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:4808
    • C:\Windows\system32\browser_broker.exe
      C:\Windows\system32\browser_broker.exe -Embedding
      1⤵
      • Modifies Internet Explorer settings
      • Modifies registry class
      • NTFS ADS
      PID:1196
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Modifies registry class
      • Suspicious behavior: MapViewOfSection
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1988
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies Internet Explorer settings
      • Modifies registry class
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of SetWindowsHookEx
      PID:880
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:2396
    • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
      "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
      1⤵
      • Drops file in Windows directory
      • Modifies registry class
      PID:5084
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project.rar"
      1⤵
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      PID:920
    • C:\Program Files\7-Zip\7zFM.exe
      "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project.rar"
      1⤵
      • NTFS ADS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: GetForegroundWindowSpam
      • Suspicious use of AdjustPrivilegeToken
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of WriteProcessMemory
      PID:4836
      • C:\Users\Admin\AppData\Local\Temp\7zO4E21BA68\GitHubLoader.exe
        "C:\Users\Admin\AppData\Local\Temp\7zO4E21BA68\GitHubLoader.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of SetThreadContext
        • Suspicious use of WriteProcessMemory
        PID:4300
        • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
          "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
          3⤵
            PID:4812
        • C:\Users\Admin\AppData\Local\Temp\7zO4E28C4B8\GitHubLoader.exe
          "C:\Users\Admin\AppData\Local\Temp\7zO4E28C4B8\GitHubLoader.exe"
          2⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:2720
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            3⤵
              PID:1188
        • C:\Program Files\7-Zip\7zG.exe
          "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project\" -spe -an -ai#7zMap26899:218:7zEvent30664
          1⤵
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of FindShellTrayWindow
          PID:1120
        • C:\Windows\System32\rundll32.exe
          C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
          1⤵
            PID:2588
          • C:\Program Files\7-Zip\7zG.exe
            "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project\" -ad -an -ai#7zMap17268:218:7zEvent5568
            1⤵
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            PID:4352
          • C:\Program Files\7-Zip\7zFM.exe
            "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project.rar"
            1⤵
            • NTFS ADS
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: GetForegroundWindowSpam
            • Suspicious use of AdjustPrivilegeToken
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of WriteProcessMemory
            PID:596
            • C:\Users\Admin\AppData\Local\Temp\7zO4527AEB9\GitHubLoader.exe
              "C:\Users\Admin\AppData\Local\Temp\7zO4527AEB9\GitHubLoader.exe"
              2⤵
              • Executes dropped EXE
              • Suspicious use of SetThreadContext
              • Suspicious use of WriteProcessMemory
              PID:2504
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                3⤵
                  PID:4608

            Network

                  MITRE ATT&CK Enterprise v15

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\GitHubLoader.exe.log
                    Filesize

                    137B

                    MD5

                    8a8f1e8a778dff107b41ea564681fe7b

                    SHA1

                    08efcfdc3e33281b2b107d16b739b72af4898041

                    SHA256

                    d09cdd05da4e3e875d3d5d66c542404519759acda2efa7c00ca69aa3f6234de4

                    SHA512

                    a372330793e09c661e6bf8b2c293c1af81de77972b8b4ba47055f07be0fcdfe5e507adbc53903a0cd90c392b36fe4a8a41d3fea923ad97fa061dbef65398edf6

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\7HB61I1H\edgecompatviewlist[1].xml
                    Filesize

                    74KB

                    MD5

                    d4fc49dc14f63895d997fa4940f24378

                    SHA1

                    3efb1437a7c5e46034147cbbc8db017c69d02c31

                    SHA256

                    853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

                    SHA512

                    cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5AAKMMFU\Project[1].rar
                    Filesize

                    210KB

                    MD5

                    b71fdd1a50f52f8e784f96e620982c91

                    SHA1

                    21b058f33711b201a47ae8276bf3971df9f46ad6

                    SHA256

                    5e43754c59152d62a7cc0197e5b22302a7a74ba219dfe6d2005e89cabbfb6ff2

                    SHA512

                    2fcda468e7970566006c83e886de167c28bc22e62e5b829945273f5e9c06b120bbd4c66d92430e3670393aa117f930404e02f905feed952b10634cc8d4e6baa2

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\5JERCMPC\suggestions[1].en-US
                    Filesize

                    17KB

                    MD5

                    5a34cb996293fde2cb7a4ac89587393a

                    SHA1

                    3c96c993500690d1a77873cd62bc639b3a10653f

                    SHA256

                    c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

                    SHA512

                    e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project.rar
                    Filesize

                    21.6MB

                    MD5

                    401dcb038dd1807e536a7830ff0b02da

                    SHA1

                    0c1d9e58c303a693ee9ae30e9088f37c1dc3f9ca

                    SHA256

                    74cf692ff9c1a2d141969b6b368f63dfcb2079ab3fcb401fd854e72b34f6a42e

                    SHA512

                    1478bb683026615262e28209711bf12467afe8e8b461d0aea818028a05681a8d2e63c6d96a57e854d41536f8c513564fc4d776b0c241c41d94f445b6f26fcdc5

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project.rar.7pu13sz.partial
                    Filesize

                    128KB

                    MD5

                    bb7f2fa8cd167c61ab20976db2c2fad8

                    SHA1

                    2a91d95fdf5bc8911a5cc00c47ac1b47c1fa4fc0

                    SHA256

                    ed1e13704a0ee97224206da5a4c34f2c2807ed1c3aee3bd7e87c31ab13755363

                    SHA512

                    d8142964a173f04d0da8b9e29b4883844f654b329cb2d1dbd00d37c308161bc760fdbfa251c12a3c553029b3b7aea3dfdd1e87a8528d1be5d7d7a03ba73dd909

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project\GitHubLoadTool\Cached
                    Filesize

                    2.0MB

                    MD5

                    5c9f05b8288556f0cce8a677bbca611d

                    SHA1

                    4194d8fb763522b0fba94712a61fb99fb15bf7b4

                    SHA256

                    814886afe51adb37e9e46a1e8e9419ec062f72923d1a8f3337273a53d509d86b

                    SHA512

                    65df6a784887f3084366df8d65675104e872e8005478f4ba35d2619ea1bb1ee8b04211dee0e01c145d373830b5853bf08aaa80b432cf2b7eeef8070c9f6d7e3e

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project\GitHubLoadTool\Microsoft.Windows.SDK.NET.dll
                    Filesize

                    18.9MB

                    MD5

                    e3bbbd3dd68e311dab9cec40238654ca

                    SHA1

                    48390edd79e91be8d005f40ddbd15eca722c554a

                    SHA256

                    7298108b972bd8004bf8326994f3a7f045aed53958c0ca425d3b38e67d8560ca

                    SHA512

                    ded56aa0852460edd3c6aad192ad27ad21490f1c9adb8ca45b5db308c25942f432fcd43558d37d17c2be9c3daa4c7c344e99b2ad0205826d602bf6c14d744a73

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project\GitHubLoadTool\PresentationCore.dll
                    Filesize

                    8.3MB

                    MD5

                    e85a5ff99fd7a6ae9619138293e1cfea

                    SHA1

                    d1edceeeb255acffe14ad2c4eb4fe2a0a911dfd0

                    SHA256

                    a70e09031ef5ee4a2d79659aabe5d1ebef48effe2705a6f97c37c5c46cda9473

                    SHA512

                    b3380cbb8a400562ca9d9ad1a4ebc0167aa16616652162d0f5a9a7a543c52b97b5bf6687a0f63ee913ce73ac61c5bde1375ca317e11457bdbb681a0bf02d435f

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project\GitHubLoadTool\PresentationFramework.dll
                    Filesize

                    8.0MB

                    MD5

                    6fc02df9f27193015cbd29b4a3325419

                    SHA1

                    56b8a56f5379005cef67368b985f9f81f070cbef

                    SHA256

                    4377e980711d9cd683c84f6726a25be3befdd997dccfd29d657e2a4bb73ed5ee

                    SHA512

                    ec3afa69aa28c853410b8423612755b84b3cb663320d3ee2ccc29b229e0a05937bed088068ad30108938482e36971dd6710db9f20c3e6273efad4243bdecce46

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project\GitHubLoadTool\System.Private.CoreLib.dll
                    Filesize

                    6.3MB

                    MD5

                    4bf29901dacdcf36ae06b409ff0655bc

                    SHA1

                    36ab1a1926d13587026486cf97bd2d2b70cf51bf

                    SHA256

                    a204e55e27e23e5a06d0801729ed897ede1bd4e2f6c375977ebe7eb37ebcfb04

                    SHA512

                    d5f468844b35c7aa77bfb87abab708f839a27d77cab850372f5bf39613d268b885ea647f0d7a12cfd10f021363028ecfc7a28d2b943b1c39af3c017372cdf477

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project\GitHubLoadTool\System.Private.Xml.dll
                    Filesize

                    8.1MB

                    MD5

                    6756087e071532303f7001b6e5970538

                    SHA1

                    bcdb033ebd460ddb70cc8986def9c5e5dedc2502

                    SHA256

                    320e661c03bd44c9cbeccefa20dfeccc6c7ceebf06a76510e120d37208d61054

                    SHA512

                    0eb38ae862bfce0628feea7604475ad7019f2e4f652cfc20b34bb37f1fcead271792a9a5d06eb9f30ab95136ff4557f6a9fa8ecb43910c9d3d2eca3691f5219d

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project\GitHubLoadTool\System.Windows.Forms.dll
                    Filesize

                    12.7MB

                    MD5

                    40ebeba76ec2a39637601eaaada6ef8b

                    SHA1

                    d5d657039adcd0479f5be94cfa13fcd05209bf61

                    SHA256

                    d103d2a1a3257c74d3d0871f9fab132471769d42bd45853cc2be0c1f93eb0c07

                    SHA512

                    c4a2b8521315a9fd7f76e97de717fb59792cc54fbf9a87a5da85099f5b84b239353a2749478249e6d57b9ba349ff913ce9222e9626499be3ad67b69704a172e3

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\Project\GitHubLoadTool\grpc_csharp_ext.x64.dll
                    Filesize

                    12.1MB

                    MD5

                    88dc6caa0d47e61c8263ab01a2ca12a9

                    SHA1

                    84d6b4573f9e0ae8c051280ce903e613cf3d6673

                    SHA256

                    4133225f8e65114926a1f8dfe5e1382186b4150de393cfb9476d32cf45ee05e6

                    SHA512

                    1df929fabdeee0c344074f9cafef64382fc3d917e3601c84dfb986675939597eea4a5b426e91adc57a4ca00fbae3274d6b6f1c5c478ca9e2f8322890951b5889

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5AAKMMFU\Project[1].rar
                    Filesize

                    32KB

                    MD5

                    9c0acb825c325685b71eddef95841901

                    SHA1

                    eb8b5ebc185f64600a1c19e379b098bc46a3aa59

                    SHA256

                    94265e022fd233eed16b4b49dbea6b3d2555fe8f8d131c55d086544c9adcbce4

                    SHA512

                    8117a02d81478efda2ca8b2a65e3af43d917d2247766a718c7cf6d2aa1861af3aab8619e296f2dd396771cf786c2c47d8fefb86a3b23ba170be14945dd8e3987

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\7zO4E21BA68\GitHubLoader.exe
                    Filesize

                    432KB

                    MD5

                    9a25ab8bdaa157c47a64fc2b0a1e443a

                    SHA1

                    c96cc57a7bfeaf3415005965974ad721ffebdbbe

                    SHA256

                    14123370ea7689a1be3d067a5a53c96c47aaf2573714a08b65a25369a7523517

                    SHA512

                    010a8f22d17a7b17afc70c9ed12ca9a532108e99d1f3fb0dc59a0339473395aaf87781d83a14aff4bce751d4b2417f1d0edf16b6afe186ff9c325100058fed41

                    Download Submit

                  • C:\Users\Admin\AppData\Local\Temp\7zO4E28C4B8\GitHubLoader.exe:Zone.Identifier
                    Filesize

                    167B

                    MD5

                    d944b5740f597350307f6771ee904622

                    SHA1

                    5883113bf1205fc9c8fddfa151b3ae31f48a52cf

                    SHA256

                    2d04863a6ca1c4419e92ace2647fa38767da2eefd0295da01ef948488520c438

                    SHA512

                    1b312cd1cac8e22f54c503537b1bad94979a6c7ddb843aedf3fbb6627ddfa7dcbd157e40a78a9323d6cc61679394c290398701ee03fa9151973f6fe2d41ccd9c

                    Download Submit

                  • memory/1188-214-0x0000000000400000-0x0000000000445000-memory.dmp

                    Filesize

                    276KB

                    Download

                  • memory/2396-69-0x00000292731D0000-0x00000292731D2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/2396-65-0x00000292731B0000-0x00000292731B2000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/2396-62-0x0000029273180000-0x0000029273182000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/2504-257-0x0000000004960000-0x0000000004970000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2504-254-0x0000000073950000-0x000000007403E000-memory.dmp

                    Filesize

                    6.9MB

                    Download

                  • memory/2504-255-0x0000000004960000-0x0000000004970000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2504-259-0x0000000004960000-0x0000000004970000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2504-263-0x00000000024B0000-0x00000000044B0000-memory.dmp

                    Filesize

                    32.0MB

                    Download

                  • memory/2504-265-0x0000000073950000-0x000000007403E000-memory.dmp

                    Filesize

                    6.9MB

                    Download

                  • memory/2720-215-0x0000000002670000-0x0000000004670000-memory.dmp

                    Filesize

                    32.0MB

                    Download

                  • memory/2720-206-0x0000000004A90000-0x0000000004AA0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2720-213-0x0000000002670000-0x0000000004670000-memory.dmp

                    Filesize

                    32.0MB

                    Download

                  • memory/2720-212-0x0000000073950000-0x000000007403E000-memory.dmp

                    Filesize

                    6.9MB

                    Download

                  • memory/2720-205-0x0000000004A90000-0x0000000004AA0000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/2720-203-0x0000000073950000-0x000000007403E000-memory.dmp

                    Filesize

                    6.9MB

                    Download

                  • memory/4300-126-0x0000000073950000-0x000000007403E000-memory.dmp

                    Filesize

                    6.9MB

                    Download

                  • memory/4300-129-0x0000000004C00000-0x0000000004C10000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4300-125-0x00000000021D0000-0x0000000002220000-memory.dmp

                    Filesize

                    320KB

                    Download

                  • memory/4300-127-0x0000000004C00000-0x0000000004C10000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4300-128-0x0000000004C00000-0x0000000004C10000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4300-139-0x0000000073950000-0x000000007403E000-memory.dmp

                    Filesize

                    6.9MB

                    Download

                  • memory/4300-140-0x0000000002750000-0x0000000004750000-memory.dmp

                    Filesize

                    32.0MB

                    Download

                  • memory/4300-192-0x0000000002750000-0x0000000004750000-memory.dmp

                    Filesize

                    32.0MB

                    Download

                  • memory/4300-131-0x0000000002480000-0x00000000024CE000-memory.dmp

                    Filesize

                    312KB

                    Download

                  • memory/4300-130-0x0000000004C10000-0x000000000510E000-memory.dmp

                    Filesize

                    5.0MB

                    Download

                  • memory/4608-266-0x00000000024B0000-0x00000000044B0000-memory.dmp

                    Filesize

                    32.0MB

                    Download

                  • memory/4608-268-0x0000000000400000-0x0000000000445000-memory.dmp

                    Filesize

                    276KB

                    Download

                  • memory/4608-267-0x00000000024B0000-0x00000000044B0000-memory.dmp

                    Filesize

                    32.0MB

                    Download

                  • memory/4808-16-0x0000020447000000-0x0000020447010000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4808-0-0x0000020446B20000-0x0000020446B30000-memory.dmp

                    Filesize

                    64KB

                    Download

                  • memory/4808-66-0x000002044D7C0000-0x000002044D7C1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/4808-68-0x000002044D7D0000-0x000002044D7D1000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/4808-35-0x0000020447100000-0x0000020447102000-memory.dmp

                    Filesize

                    8KB

                    Download

                  • memory/4812-143-0x0000000000400000-0x0000000000445000-memory.dmp

                    Filesize

                    276KB

                    Download

                  • memory/4812-134-0x0000000000400000-0x0000000000445000-memory.dmp

                    Filesize

                    276KB

                    Download

                  • memory/4812-142-0x0000000000F40000-0x0000000000F41000-memory.dmp

                    Filesize

                    4KB

                    Download

                  • memory/4812-141-0x0000000002750000-0x0000000004750000-memory.dmp

                    Filesize

                    32.0MB

                    Download

                  • memory/4812-138-0x0000000000400000-0x0000000000445000-memory.dmp

                    Filesize

                    276KB

                    Download