lumma | d0d6cabab10e62f0261e2ca13daa453b4ec38c9f81880a55d1aca04c8ae5a3fa

Resubmissions

06/04/2024, 02:27

240406-cxlmyahb6x 3

06/04/2024, 02:26

06/04/2024, 02:25

06/04/2024, 02:21

06/04/2024, 02:19

06/04/2024, 02:18

06/04/2024, 02:17

Analysis

max time kernel
582s
max time network
597s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/04/2024, 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Launcher.bat
Size

544B
MD5

17033b44988e812ebade9022cba3584f
SHA1

3c98c9f36212cfeec679057cabb1ea5d4bffb1a1
SHA256

deda21bef6613c01484a7c219070f1c510d96a31373a9561e31a8e45b3c94473
SHA512

9f54c72cafeedb4b332e8c4d438e88475d1757ea4ffdf23d13d0f1bae55806b3fe58cf48002085f5a867c5d8906c4b7674584c4070288e35026037cdc33eb282

Score

10^/10

lumma zgrat rat spyware stealer

Malware Config

Extracted

Family

lumma

https://birdpenallitysydw.shop/api

Signatures

Detect ZGRat V1 2 IoCs

resource	yara_rule
behavioral2/files/0x000700000002324d-344.dat	family_zgrat_v1
behavioral2/memory/1508-347-0x0000000000240000-0x0000000000696000-memory.dmp	family_zgrat_v1

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Executes dropped EXE 1 IoCs

pid	Process
1508	dma.exe

Loads dropped DLL 1 IoCs

pid	Process
1508	dma.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	ip-api.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 1508 set thread context of 4364	1508	dma.exe	111

Drops file in Windows directory 1 IoCs

description	ioc	Process
File created	C:\Windows\Setup\Scripts\ErrorHandler.cmd	compiler.exe

Creates scheduled task(s) 1 TTPs 1 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence

Scheduled Task/Job

T1053

pid	Process
3568	schtasks.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4244	powershell.exe
4244	powershell.exe
4364	MsBuild.exe
4364	MsBuild.exe
4364	MsBuild.exe
4364	MsBuild.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4244	powershell.exe
Token: SeIncreaseQuotaPrivilege	4244	powershell.exe
Token: SeSecurityPrivilege	4244	powershell.exe
Token: SeTakeOwnershipPrivilege	4244	powershell.exe
Token: SeLoadDriverPrivilege	4244	powershell.exe
Token: SeSystemProfilePrivilege	4244	powershell.exe
Token: SeSystemtimePrivilege	4244	powershell.exe
Token: SeProfSingleProcessPrivilege	4244	powershell.exe
Token: SeIncBasePriorityPrivilege	4244	powershell.exe
Token: SeCreatePagefilePrivilege	4244	powershell.exe
Token: SeBackupPrivilege	4244	powershell.exe
Token: SeRestorePrivilege	4244	powershell.exe
Token: SeShutdownPrivilege	4244	powershell.exe
Token: SeDebugPrivilege	4244	powershell.exe
Token: SeSystemEnvironmentPrivilege	4244	powershell.exe
Token: SeRemoteShutdownPrivilege	4244	powershell.exe
Token: SeUndockPrivilege	4244	powershell.exe
Token: SeManageVolumePrivilege	4244	powershell.exe
Token: 33	4244	powershell.exe
Token: 34	4244	powershell.exe
Token: 35	4244	powershell.exe
Token: 36	4244	powershell.exe
Token: SeIncreaseQuotaPrivilege	4244	powershell.exe
Token: SeSecurityPrivilege	4244	powershell.exe
Token: SeTakeOwnershipPrivilege	4244	powershell.exe
Token: SeLoadDriverPrivilege	4244	powershell.exe
Token: SeSystemProfilePrivilege	4244	powershell.exe
Token: SeSystemtimePrivilege	4244	powershell.exe
Token: SeProfSingleProcessPrivilege	4244	powershell.exe
Token: SeIncBasePriorityPrivilege	4244	powershell.exe
Token: SeCreatePagefilePrivilege	4244	powershell.exe
Token: SeBackupPrivilege	4244	powershell.exe
Token: SeRestorePrivilege	4244	powershell.exe
Token: SeShutdownPrivilege	4244	powershell.exe
Token: SeDebugPrivilege	4244	powershell.exe
Token: SeSystemEnvironmentPrivilege	4244	powershell.exe
Token: SeRemoteShutdownPrivilege	4244	powershell.exe
Token: SeUndockPrivilege	4244	powershell.exe
Token: SeManageVolumePrivilege	4244	powershell.exe
Token: 33	4244	powershell.exe
Token: 34	4244	powershell.exe
Token: 35	4244	powershell.exe
Token: 36	4244	powershell.exe
Token: SeIncreaseQuotaPrivilege	4244	powershell.exe
Token: SeSecurityPrivilege	4244	powershell.exe
Token: SeTakeOwnershipPrivilege	4244	powershell.exe
Token: SeLoadDriverPrivilege	4244	powershell.exe
Token: SeSystemProfilePrivilege	4244	powershell.exe
Token: SeSystemtimePrivilege	4244	powershell.exe
Token: SeProfSingleProcessPrivilege	4244	powershell.exe
Token: SeIncBasePriorityPrivilege	4244	powershell.exe
Token: SeCreatePagefilePrivilege	4244	powershell.exe
Token: SeBackupPrivilege	4244	powershell.exe
Token: SeRestorePrivilege	4244	powershell.exe
Token: SeShutdownPrivilege	4244	powershell.exe
Token: SeDebugPrivilege	4244	powershell.exe
Token: SeSystemEnvironmentPrivilege	4244	powershell.exe
Token: SeRemoteShutdownPrivilege	4244	powershell.exe
Token: SeUndockPrivilege	4244	powershell.exe
Token: SeManageVolumePrivilege	4244	powershell.exe
Token: 33	4244	powershell.exe
Token: 34	4244	powershell.exe
Token: 35	4244	powershell.exe
Token: 36	4244	powershell.exe

Suspicious use of WriteProcessMemory 38 IoCs

description	pid	Process	procid_target
PID 4760 wrote to memory of 1896	4760	cmd.exe	86
PID 4760 wrote to memory of 1896	4760	cmd.exe	86
PID 4760 wrote to memory of 3248	4760	cmd.exe	87
PID 4760 wrote to memory of 3248	4760	cmd.exe	87
PID 4760 wrote to memory of 3248	4760	cmd.exe	87
PID 3248 wrote to memory of 3568	3248	compiler.exe	101
PID 3248 wrote to memory of 3568	3248	compiler.exe	101
PID 3248 wrote to memory of 3568	3248	compiler.exe	101
PID 3248 wrote to memory of 4244	3248	compiler.exe	102
PID 3248 wrote to memory of 4244	3248	compiler.exe	102
PID 3248 wrote to memory of 4244	3248	compiler.exe	102
PID 1508 wrote to memory of 4032	1508	dma.exe	105
PID 1508 wrote to memory of 4032	1508	dma.exe	105
PID 1508 wrote to memory of 4032	1508	dma.exe	105
PID 1508 wrote to memory of 4420	1508	dma.exe	106
PID 1508 wrote to memory of 4420	1508	dma.exe	106
PID 1508 wrote to memory of 4420	1508	dma.exe	106
PID 1508 wrote to memory of 4928	1508	dma.exe	107
PID 1508 wrote to memory of 4928	1508	dma.exe	107
PID 1508 wrote to memory of 4928	1508	dma.exe	107
PID 1508 wrote to memory of 1316	1508	dma.exe	108
PID 1508 wrote to memory of 1316	1508	dma.exe	108
PID 1508 wrote to memory of 1316	1508	dma.exe	108
PID 1508 wrote to memory of 692	1508	dma.exe	109
PID 1508 wrote to memory of 692	1508	dma.exe	109
PID 1508 wrote to memory of 692	1508	dma.exe	109
PID 1508 wrote to memory of 4408	1508	dma.exe	110
PID 1508 wrote to memory of 4408	1508	dma.exe	110
PID 1508 wrote to memory of 4408	1508	dma.exe	110
PID 1508 wrote to memory of 4364	1508	dma.exe	111
PID 1508 wrote to memory of 4364	1508	dma.exe	111
PID 1508 wrote to memory of 4364	1508	dma.exe	111
PID 1508 wrote to memory of 4364	1508	dma.exe	111
PID 1508 wrote to memory of 4364	1508	dma.exe	111
PID 1508 wrote to memory of 4364	1508	dma.exe	111
PID 1508 wrote to memory of 4364	1508	dma.exe	111
PID 1508 wrote to memory of 4364	1508	dma.exe	111
PID 1508 wrote to memory of 4364	1508	dma.exe	111

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Launcher.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4760
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:1896
- C:\Users\Admin\AppData\Local\Temp\compiler.exe
  compiler.exe config
  2⤵
  - Drops file in Windows directory
  - Suspicious use of WriteProcessMemory
  PID:3248
- - C:\Windows\SysWOW64\schtasks.exe
    schtasks /create /sc daily /st 12:58 /f /tn WindowsSetup /tr "C:/Windows/System32/oobe/Setup.exe" /rl highest
    3⤵
    - Creates scheduled task(s)
    PID:3568
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    powershell -Command "Register-ScheduledTask -TaskName 'ZG1hNzc3' -Action (New-ScheduledTaskAction -Execute 'C:\Users\Admin\AppData\Roaming\sys\http\tcp\dma.exe') -Trigger (New-ScheduledTaskTrigger -At (Get-Date).AddMinutes(1) -Once) -Settings (New-ScheduledTaskSettingsSet -AllowStartIfOnBatteries -DontStopIfGoingOnBatteries -StartWhenAvailable) -Force"
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4244

C:\Users\Admin\AppData\Roaming\sys\http\tcp\dma.exe
C:\Users\Admin\AppData\Roaming\sys\http\tcp\dma.exe
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:1508
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  2⤵
  PID:4032
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  2⤵
  PID:4420
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  2⤵
  PID:4928
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  2⤵
  PID:1316
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  2⤵
  PID:692
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  2⤵
  PID:4408
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  C:\Windows\Microsoft.NET\Framework\v4.0.30319\MsBuild.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4364

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4400

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
PID:4004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\Protect544cd51a.dll

Filesize
742KB

MD5
544cd51a596619b78e9b54b70088307d

SHA1
4769ddd2dbc1dc44b758964ed0bd231b85880b65

SHA256
dfce2d4d06de6452998b3c5b2dc33eaa6db2bd37810d04e3d02dc931887cfddd

SHA512
f56d8b81022bb132d40aa78596da39b5c212d13b84b5c7d2c576bbf403924f1d22e750de3b09d1be30aea359f1b72c5043b19685fc9bf06d8040bfee16b17719

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m3rsdzdy.l15.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\sys\http\tcp\dma.exe

Filesize
1024.3MB

MD5
1ecc53444cf7ff8f8c3d8635fe8cfa36

SHA1
7c5f36a85f9edaab7a17f21ec37f006d2444fb2f

SHA256
c31659597021e4d8d768817270eb47db15ba4749df91219b9131692dae14138c

SHA512
85db38e470feb70950937a2fe45ded6ca0b857b7da565106fee552706a67cdf974f47675402de9785ada25fe4c03013a7b031a90cdbbece282b8d494524acb3e

Download Submit
memory/1508-359-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/1508-355-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/1508-365-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/1508-364-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/1508-363-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/1508-362-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/1508-361-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/1508-367-0x0000000005740000-0x0000000005840000-memory.dmp

Filesize
1024KB

Download
memory/1508-358-0x00000000052D0000-0x00000000052E0000-memory.dmp

Filesize
64KB

Download
memory/1508-366-0x0000000005740000-0x0000000005840000-memory.dmp

Filesize
1024KB

Download
memory/1508-368-0x0000000005740000-0x0000000005840000-memory.dmp

Filesize
1024KB

Download
memory/1508-350-0x00000000052E0000-0x0000000005472000-memory.dmp

Filesize
1.6MB

Download
memory/1508-349-0x0000000075050000-0x0000000075800000-memory.dmp

Filesize
7.7MB

Download
memory/1508-348-0x0000000004FC0000-0x000000000505C000-memory.dmp

Filesize
624KB

Download
memory/1508-347-0x0000000000240000-0x0000000000696000-memory.dmp

Filesize
4.3MB

Download
memory/1508-346-0x0000000075050000-0x0000000075800000-memory.dmp

Filesize
7.7MB

Download
memory/1508-372-0x0000000075050000-0x0000000075800000-memory.dmp

Filesize
7.7MB

Download
memory/3248-32-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-11-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-22-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-23-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-24-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-25-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-26-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-27-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-28-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-29-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-30-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-31-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-0-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-33-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-40-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-47-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-48-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-46-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-45-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-44-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-43-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-42-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-41-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-39-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-37-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-38-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-49-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-36-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-35-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-34-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-50-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-51-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-52-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-53-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-54-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-55-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-56-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-57-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-58-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-59-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-60-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-61-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-62-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-63-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-167-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/3248-168-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/3248-172-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/3248-178-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/3248-212-0x0000000002B30000-0x0000000002B31000-memory.dmp

Filesize
4KB

Download
memory/3248-1-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-3-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-2-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-4-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-5-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-6-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-20-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-7-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-13-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-12-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-21-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-14-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-10-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-8-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-9-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-15-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-16-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-17-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-19-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/3248-18-0x000000007FBE0000-0x000000007FBF0000-memory.dmp

Filesize
64KB

Download
memory/4244-301-0x0000000003200000-0x0000000003210000-memory.dmp

Filesize
64KB

Download
memory/4244-299-0x0000000003110000-0x0000000003146000-memory.dmp

Filesize
216KB

Download
memory/4244-300-0x00000000739D0000-0x0000000074180000-memory.dmp

Filesize
7.7MB

Download
memory/4244-343-0x00000000739D0000-0x0000000074180000-memory.dmp

Filesize
7.7MB

Download
memory/4244-337-0x0000000007A90000-0x0000000007A9A000-memory.dmp

Filesize
40KB

Download
memory/4244-336-0x0000000007A20000-0x0000000007A3A000-memory.dmp

Filesize
104KB

Download
memory/4244-335-0x0000000008060000-0x00000000086DA000-memory.dmp

Filesize
6.5MB

Download
memory/4244-334-0x00000000078B0000-0x0000000007953000-memory.dmp

Filesize
652KB

Download
memory/4244-333-0x0000000003200000-0x0000000003210000-memory.dmp

Filesize
64KB

Download
memory/4244-332-0x0000000006C90000-0x0000000006CAE000-memory.dmp

Filesize
120KB

Download
memory/4244-322-0x0000000074470000-0x00000000744BC000-memory.dmp

Filesize
304KB

Download
memory/4244-321-0x0000000006CB0000-0x0000000006CE2000-memory.dmp

Filesize
200KB

Download
memory/4244-320-0x000000007FBB0000-0x000000007FBC0000-memory.dmp

Filesize
64KB

Download
memory/4244-319-0x0000000006710000-0x000000000675C000-memory.dmp

Filesize
304KB

Download
memory/4244-318-0x00000000066E0000-0x00000000066FE000-memory.dmp

Filesize
120KB

Download
memory/4244-317-0x0000000006360000-0x00000000066B4000-memory.dmp

Filesize
3.3MB

Download
memory/4244-313-0x00000000061E0000-0x0000000006246000-memory.dmp

Filesize
408KB

Download
memory/4244-306-0x0000000006000000-0x0000000006066000-memory.dmp

Filesize
408KB

Download
memory/4244-305-0x0000000005730000-0x0000000005752000-memory.dmp

Filesize
136KB

Download
memory/4244-302-0x00000000058A0000-0x0000000005EC8000-memory.dmp

Filesize
6.2MB

Download
memory/4244-339-0x0000000007C20000-0x0000000007C31000-memory.dmp

Filesize
68KB

Download
memory/4244-338-0x0000000007C90000-0x0000000007D26000-memory.dmp

Filesize
600KB

Download
memory/4244-340-0x0000000003200000-0x0000000003210000-memory.dmp

Filesize
64KB

Download
memory/4364-370-0x0000000000400000-0x0000000000449000-memory.dmp

Filesize
292KB

Download
memory/4364-382-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-373-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-384-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-374-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-376-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-378-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-379-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-369-0x0000000000A50000-0x0000000000A51000-memory.dmp

Filesize
4KB

Download
memory/4364-377-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-375-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-380-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-385-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-387-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-389-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-388-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-386-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-383-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download
memory/4364-381-0x0000000000B80000-0x0000000000B81000-memory.dmp

Filesize
4KB

Download