Overview

overview

10

Static

static

3

FieroHack.exe

windows7-x64

7

FieroHack.exe

windows10-2004-x64

10

#/LoadeSirus.exe

windows7-x64

#/LoadeSirus.exe

windows10-2004-x64

Analysis

  • max time kernel
    68s
  • max time network
    166s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    22-04-2024 14:02

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    FieroHack.exe

  • Size

    676.2MB

  • MD5

    76a3bd6e846f46f5e8b6c7b2f0d29c57

  • SHA1

    cb78a890bdfdb2f499e3d734f9caa0153bf9add0

  • SHA256

    d41b139970b0bab5449bc61bf9d79cd0287e04a7267d19df87dc7b295718cdcf

  • SHA512

    791f68758768373950df5e4dc77385e1f84fa0ac001846b5d4baeb7e330a03bc1b62048c17cfe5f2818b5b8fc06ab5b9c7d3e3b856498be7f11c05db2dd4bf6d

  • SSDEEP

    196608:OY9faXEN+pIePaH5Yl38xc0l6zedTuSkM0da2o:OY+EN+KeyHm6B6z4TuSk5M2o

Score
10/10
lummaxmrigevasionminerpersistencestealer

Malware Config

Extracted

Family

lumma

C2

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • XMRig Miner payload 9 IoCs
    miner
  • Creates new service(s) 1 TTPs
    persistence
  • Stops running service(s) 3 TTPs
    evasion
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 3 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Launches sc.exe 14 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies data under HKEY_USERS 46 IoCs
  • Suspicious behavior: EnumeratesProcesses 23 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs
  • Suspicious use of WriteProcessMemory 27 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\FieroHack.exe
    "C:\Users\Admin\AppData\Local\Temp\FieroHack.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2432
    • C:\Users\Admin\AppData\Roaming\Sirus.exe
      C:\Users\Admin\AppData\Roaming\Sirus.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Suspicious use of NtSetInformationThreadHideFromDebugger
      • Suspicious behavior: EnumeratesProcesses
      PID:4980
      • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        3⤵
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:3864
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:2664
        • C:\Windows\system32\wusa.exe
          wusa /uninstall /kb:890830 /quiet /norestart
          4⤵
            PID:4308
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop UsoSvc
          3⤵
          • Launches sc.exe
          PID:404
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop WaaSMedicSvc
          3⤵
          • Launches sc.exe
          PID:5016
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop wuauserv
          3⤵
          • Launches sc.exe
          PID:2300
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop bits
          3⤵
          • Launches sc.exe
          PID:3524
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop dosvc
          3⤵
          • Launches sc.exe
          PID:3036
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe delete "PDWIFJZS"
          3⤵
          • Launches sc.exe
          PID:2248
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe create "PDWIFJZS" binpath= "C:\ProgramData\yofgvjmxzlhk\qrehadfoimfm.exe" start= "auto"
          3⤵
          • Launches sc.exe
          PID:2688
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop eventlog
          3⤵
          • Launches sc.exe
          PID:4564
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe start "PDWIFJZS"
          3⤵
          • Launches sc.exe
          PID:4964
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Roaming\Sirus.exe"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:3992
          • C:\Windows\system32\choice.exe
            choice /C Y /N /D Y /T 3
            4⤵
              PID:3984
        • C:\Users\Admin\AppData\Roaming\LoadeSirus.exe
          C:\Users\Admin\AppData\Roaming\LoadeSirus.exe
          2⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:3664
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            3⤵
              PID:4508
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              3⤵
                PID:4656
              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                3⤵
                  PID:3860
                • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                  3⤵
                    PID:3504
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=1412 --field-trial-handle=2744,i,16362475727591565961,3676688664819797550,262144 --variations-seed-version /prefetch:8
                1⤵
                  PID:4916
                • C:\ProgramData\yofgvjmxzlhk\qrehadfoimfm.exe
                  C:\ProgramData\yofgvjmxzlhk\qrehadfoimfm.exe
                  1⤵
                  • Executes dropped EXE
                  • Drops file in System32 directory
                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                  • Suspicious behavior: EnumeratesProcesses
                  PID:5008
                  • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
                    C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
                    2⤵
                    • Modifies data under HKEY_USERS
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1496
                  • C:\Windows\system32\cmd.exe
                    C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
                    2⤵
                      PID:2300
                      • C:\Windows\system32\wusa.exe
                        wusa /uninstall /kb:890830 /quiet /norestart
                        3⤵
                          PID:4728
                      • C:\Windows\system32\sc.exe
                        C:\Windows\system32\sc.exe stop UsoSvc
                        2⤵
                        • Launches sc.exe
                        PID:1788
                      • C:\Windows\system32\sc.exe
                        C:\Windows\system32\sc.exe stop WaaSMedicSvc
                        2⤵
                        • Launches sc.exe
                        PID:2484
                      • C:\Windows\system32\sc.exe
                        C:\Windows\system32\sc.exe stop wuauserv
                        2⤵
                        • Launches sc.exe
                        PID:3084
                      • C:\Windows\system32\sc.exe
                        C:\Windows\system32\sc.exe stop bits
                        2⤵
                        • Launches sc.exe
                        PID:2248
                      • C:\Windows\system32\sc.exe
                        C:\Windows\system32\sc.exe stop dosvc
                        2⤵
                        • Launches sc.exe
                        PID:3484
                      • C:\Windows\system32\conhost.exe
                        C:\Windows\system32\conhost.exe
                        2⤵
                          PID:1596
                        • C:\Windows\explorer.exe
                          explorer.exe
                          2⤵
                            PID:2336

                        Network

                        MITRE ATT&CK Matrix ATT&CK v13

                        Initial Access

                        Execution

                        Persistence

                        Create or Modify System Process

                        2
                        T1543

                        Windows Service

                        2
                        T1543.003

                        Privilege Escalation

                        Create or Modify System Process

                        2
                        T1543

                        Windows Service

                        2
                        T1543.003

                        Defense Evasion

                        Impair Defenses

                        1
                        T1562

                        Credential Access

                        Discovery

                        System Information Discovery

                        1
                        T1082

                        Lateral Movement

                        Collection

                        Exfiltration

                        Command and Control

                        Impact

                        Service Stop

                        1
                        T1489

                        Resource Development

                        Reconnaissance

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • C:\ProgramData\yofgvjmxzlhk\qrehadfoimfm.exe
                          Filesize

                          178.4MB

                          MD5

                          1d9f607abbcd6f95c4c6cb9224e4a55f

                          SHA1

                          bcaf583ff813831538e461f1b375b9dd3d7a68c0

                          SHA256

                          4c4fc09b7e4ab4250ba94669c51f49978b4c130368a4114332ebdceba092d738

                          SHA512

                          c21d46e19529fd9c0249c8ad89fcbb5e49acbbf921b3dd50a9274153e75856b9d32286103e344efb378959dcaa4a45ef3b552d8b2c9451e47970db5999804169

                          Download Submit
                        • C:\ProgramData\yofgvjmxzlhk\qrehadfoimfm.exe
                          Filesize

                          179.4MB

                          MD5

                          d783172172989512000776864f9efd78

                          SHA1

                          287eb4d5128ed0419f0259435b9112bece6115b5

                          SHA256

                          eb7cd19c24d73a8fd1c74cee48aa9de9600315232d956657039c8fe352af8e9a

                          SHA512

                          0649df9c5cb02e3d999c03791923eee2cb76f96292e4915d803b9763279b91466e995ab3c56e3b2a150e8061a8e58f45e9cf8b988be89a080c99ed2379159c1b

                          Download Submit
                        • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_cnun1dn0.beu.ps1
                          Filesize

                          60B

                          MD5

                          d17fe0a3f47be24a6453e9ef58c94641

                          SHA1

                          6ab83620379fc69f80c0242105ddffd7d98d5d9d

                          SHA256

                          96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                          SHA512

                          5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                          Download Submit
                        • C:\Users\Admin\AppData\Roaming\LoadeSirus.exe
                          Filesize

                          252.1MB

                          MD5

                          e126d25dff143bd28f23d1a2b3585d43

                          SHA1

                          cf5cea086003a46dc2896553585e9969a84ea482

                          SHA256

                          c155666a36630cfdf8d87414b01c9fe4f1da6ee4442867ea627a55f8d754911a

                          SHA512

                          f37ed49475418e3122cfa3dba0f7bfd422052b4cc9ad577e25384083e31b29e872b3b59b349bec7de6e24033e950efc1e475ca72ede1d66efeb21f227f246f1b

                          Download Submit
                        • C:\Users\Admin\AppData\Roaming\LoadeSirus.exe
                          Filesize

                          252.4MB

                          MD5

                          b5e500d806dceaf86d1b5eb64cef3650

                          SHA1

                          db96af3891fd0a62195d9baf5bd0cb9f83cdb22e

                          SHA256

                          f8e50008637a098cc1f123ec79929abb493c5cacc9f7fd4fa17ef34b37cc10ec

                          SHA512

                          292caa05f3acba1bae495fa14c5b1db74c9066c91732b52aa6b40ee1f34e4bb96105b9d35feda811e4a2c84185586a28edc51918a6626becc2d34ab7d67f0bf3

                          Download Submit
                        • C:\Users\Admin\AppData\Roaming\Sirus.exe
                          Filesize

                          273.6MB

                          MD5

                          7b010ec56ff47b983eb4941a1e6b545c

                          SHA1

                          9b60730daab56f176e9c0ebf70e977df0ab14950

                          SHA256

                          265fe4639695ceaeb236714625f6cd8cfae5961d88cde5eb79b7b0689a9c62d6

                          SHA512

                          6290930fccd6b3c02237f0bf9f3a52e07e4f0bb68dd68b62ce2df21368628afc75fac8a99c39ce52a0d9e16ae53200e54e8ff25433896e0c7a20ff727eb6750c

                          Download Submit
                        • C:\Users\Admin\AppData\Roaming\Sirus.exe
                          Filesize

                          273.9MB

                          MD5

                          17a1e4c00cc515aba03d3e473a8b62b1

                          SHA1

                          750b796ab81f3a8717ed0bf9a51eda4f8ffdc2af

                          SHA256

                          85a119284a7ea4b3d9bb5f2dbeff7159ea003e05bfa096fa4554ab2613ccb5eb

                          SHA512

                          6473fc6fc7c82fda311e56742936d01bdc37f609e7a9deba4c999b4d784820c3c6d5d80e641eefb149dd04efa80b2ad48cb85edf1bc0f7a5ffb6b023f4ea5d45

                          Download Submit
                        • memory/1496-107-0x000001F8DF540000-0x000001F8DF55C000-memory.dmp
                          Filesize

                          112KB

                          Download
                        • memory/1496-111-0x000001F8DF560000-0x000001F8DF566000-memory.dmp
                          Filesize

                          24KB

                          Download
                        • memory/1496-106-0x000001F8DF0F0000-0x000001F8DF0FA000-memory.dmp
                          Filesize

                          40KB

                          Download
                        • memory/1496-104-0x000001F8DF300000-0x000001F8DF31C000-memory.dmp
                          Filesize

                          112KB

                          Download
                        • memory/1496-108-0x000001F8DF520000-0x000001F8DF52A000-memory.dmp
                          Filesize

                          40KB

                          Download
                        • memory/1496-109-0x000001F8DF580000-0x000001F8DF59A000-memory.dmp
                          Filesize

                          104KB

                          Download
                        • memory/1496-110-0x000001F8DF530000-0x000001F8DF538000-memory.dmp
                          Filesize

                          32KB

                          Download
                        • memory/1496-105-0x000001F8DF320000-0x000001F8DF3D5000-memory.dmp
                          Filesize

                          724KB

                          Download
                        • memory/1496-112-0x000001F8DF570000-0x000001F8DF57A000-memory.dmp
                          Filesize

                          40KB

                          Download
                        • memory/1496-94-0x00007FF4FBDC0000-0x00007FF4FBDD0000-memory.dmp
                          Filesize

                          64KB

                          Download
                        • memory/1496-93-0x000001F8C68A0000-0x000001F8C68B0000-memory.dmp
                          Filesize

                          64KB

                          Download
                        • memory/1496-113-0x000001F8C68A0000-0x000001F8C68B0000-memory.dmp
                          Filesize

                          64KB

                          Download
                        • memory/1496-92-0x000001F8C68A0000-0x000001F8C68B0000-memory.dmp
                          Filesize

                          64KB

                          Download
                        • memory/1496-91-0x00007FF82CF00000-0x00007FF82D9C1000-memory.dmp
                          Filesize

                          10.8MB

                          Download
                        • memory/1496-116-0x00007FF82CF00000-0x00007FF82D9C1000-memory.dmp
                          Filesize

                          10.8MB

                          Download
                        • memory/1596-120-0x0000000140000000-0x000000014000E000-memory.dmp
                          Filesize

                          56KB

                          Download
                        • memory/1596-119-0x0000000140000000-0x000000014000E000-memory.dmp
                          Filesize

                          56KB

                          Download
                        • memory/1596-124-0x0000000140000000-0x000000014000E000-memory.dmp
                          Filesize

                          56KB

                          Download
                        • memory/1596-121-0x0000000140000000-0x000000014000E000-memory.dmp
                          Filesize

                          56KB

                          Download
                        • memory/1596-118-0x0000000140000000-0x000000014000E000-memory.dmp
                          Filesize

                          56KB

                          Download
                        • memory/1596-117-0x0000000140000000-0x000000014000E000-memory.dmp
                          Filesize

                          56KB

                          Download
                        • memory/2336-125-0x0000000140000000-0x0000000140840000-memory.dmp
                          Filesize

                          8.2MB

                          Download
                        • memory/2336-126-0x0000000140000000-0x0000000140840000-memory.dmp
                          Filesize

                          8.2MB

                          Download
                        • memory/2336-127-0x0000000140000000-0x0000000140840000-memory.dmp
                          Filesize

                          8.2MB

                          Download
                        • memory/2336-128-0x0000000140000000-0x0000000140840000-memory.dmp
                          Filesize

                          8.2MB

                          Download
                        • memory/2336-129-0x0000000140000000-0x0000000140840000-memory.dmp
                          Filesize

                          8.2MB

                          Download
                        • memory/2336-130-0x0000000140000000-0x0000000140840000-memory.dmp
                          Filesize

                          8.2MB

                          Download
                        • memory/2336-131-0x0000000140000000-0x0000000140840000-memory.dmp
                          Filesize

                          8.2MB

                          Download
                        • memory/2336-132-0x0000000140000000-0x0000000140840000-memory.dmp
                          Filesize

                          8.2MB

                          Download
                        • memory/2336-133-0x0000000140000000-0x0000000140840000-memory.dmp
                          Filesize

                          8.2MB

                          Download
                        • memory/2336-136-0x0000000140000000-0x0000000140840000-memory.dmp
                          Filesize

                          8.2MB

                          Download
                        • memory/2336-138-0x0000000000F40000-0x0000000000F60000-memory.dmp
                          Filesize

                          128KB

                          Download
                        • memory/2336-147-0x00000000119D0000-0x00000000119F0000-memory.dmp
                          Filesize

                          128KB

                          Download
                        • memory/3504-34-0x0000000000400000-0x000000000044E000-memory.dmp
                          Filesize

                          312KB

                          Download
                        • memory/3504-53-0x0000000000400000-0x000000000044E000-memory.dmp
                          Filesize

                          312KB

                          Download
                        • memory/3504-30-0x0000000000400000-0x000000000044E000-memory.dmp
                          Filesize

                          312KB

                          Download
                        • memory/3504-33-0x0000000000400000-0x000000000044E000-memory.dmp
                          Filesize

                          312KB

                          Download
                        • memory/3664-29-0x0000000000EC0000-0x0000000000FED000-memory.dmp
                          Filesize

                          1.2MB

                          Download
                        • memory/3664-31-0x0000000000EC0000-0x0000000000FED000-memory.dmp
                          Filesize

                          1.2MB

                          Download
                        • memory/3864-35-0x00000212B62A0000-0x00000212B62C2000-memory.dmp
                          Filesize

                          136KB

                          Download
                        • memory/3864-45-0x00007FF82CDE0000-0x00007FF82D8A1000-memory.dmp
                          Filesize

                          10.8MB

                          Download
                        • memory/3864-46-0x000002129DC10000-0x000002129DC20000-memory.dmp
                          Filesize

                          64KB

                          Download
                        • memory/3864-47-0x000002129DC10000-0x000002129DC20000-memory.dmp
                          Filesize

                          64KB

                          Download
                        • memory/3864-49-0x000002129DC10000-0x000002129DC20000-memory.dmp
                          Filesize

                          64KB

                          Download
                        • memory/3864-52-0x00007FF82CDE0000-0x00007FF82D8A1000-memory.dmp
                          Filesize

                          10.8MB

                          Download
                        • memory/4980-63-0x00007FF84C230000-0x00007FF84C2CE000-memory.dmp
                          Filesize

                          632KB

                          Download
                        • memory/4980-48-0x00007FF7A53E0000-0x00007FF7A6024000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/4980-60-0x00007FF7A53E0000-0x00007FF7A6024000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/4980-62-0x00007FF84B460000-0x00007FF84B729000-memory.dmp
                          Filesize

                          2.8MB

                          Download
                        • memory/4980-61-0x00007FF84DBB0000-0x00007FF84DDA5000-memory.dmp
                          Filesize

                          2.0MB

                          Download
                        • memory/4980-58-0x00007FF84C230000-0x00007FF84C2CE000-memory.dmp
                          Filesize

                          632KB

                          Download
                        • memory/4980-55-0x00007FF7A53E0000-0x00007FF7A6024000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/4980-54-0x000001CCD5380000-0x000001CCD53C5000-memory.dmp
                          Filesize

                          276KB

                          Download
                        • memory/4980-5-0x00007FF7A53E0000-0x00007FF7A6024000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/4980-4-0x00007FF7A53E0000-0x00007FF7A6024000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/4980-6-0x00007FF7A53E0000-0x00007FF7A6024000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/4980-18-0x00007FF84DBB0000-0x00007FF84DDA5000-memory.dmp
                          Filesize

                          2.0MB

                          Download
                        • memory/4980-7-0x00007FF7A53E0000-0x00007FF7A6024000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/4980-8-0x000001CCD5380000-0x000001CCD53C5000-memory.dmp
                          Filesize

                          276KB

                          Download
                        • memory/4980-9-0x00007FF7A53E0000-0x00007FF7A6024000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/4980-10-0x00007FF7A53E0000-0x00007FF7A6024000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/4980-11-0x000001CCD5380000-0x000001CCD53C5000-memory.dmp
                          Filesize

                          276KB

                          Download
                        • memory/4980-15-0x00007FF84C230000-0x00007FF84C2CE000-memory.dmp
                          Filesize

                          632KB

                          Download
                        • memory/4980-16-0x000001CCD6A00000-0x000001CCD6A01000-memory.dmp
                          Filesize

                          4KB

                          Download
                        • memory/4980-17-0x00007FF7A53E0000-0x00007FF7A6024000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/4980-19-0x00007FF84B460000-0x00007FF84B729000-memory.dmp
                          Filesize

                          2.8MB

                          Download
                        • memory/4980-20-0x00007FF84C230000-0x00007FF84C2CE000-memory.dmp
                          Filesize

                          632KB

                          Download
                        • memory/5008-78-0x00007FF7CBF10000-0x00007FF7CCB54000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/5008-67-0x00007FF7CBF10000-0x00007FF7CCB54000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/5008-68-0x00007FF7CBF10000-0x00007FF7CCB54000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/5008-69-0x00000241E1650000-0x00000241E1695000-memory.dmp
                          Filesize

                          276KB

                          Download
                        • memory/5008-70-0x00007FF7CBF10000-0x00007FF7CCB54000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/5008-71-0x00007FF7CBF10000-0x00007FF7CCB54000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/5008-72-0x00000241E1650000-0x00000241E1695000-memory.dmp
                          Filesize

                          276KB

                          Download
                        • memory/5008-76-0x00007FF84C230000-0x00007FF84C2CE000-memory.dmp
                          Filesize

                          632KB

                          Download
                        • memory/5008-79-0x00007FF84DBB0000-0x00007FF84DDA5000-memory.dmp
                          Filesize

                          2.0MB

                          Download
                        • memory/5008-66-0x00007FF7CBF10000-0x00007FF7CCB54000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/5008-137-0x00007FF84DBB0000-0x00007FF84DDA5000-memory.dmp
                          Filesize

                          2.0MB

                          Download
                        • memory/5008-80-0x00007FF84B460000-0x00007FF84B729000-memory.dmp
                          Filesize

                          2.8MB

                          Download
                        • memory/5008-135-0x00007FF7CBF10000-0x00007FF7CCB54000-memory.dmp
                          Filesize

                          12.3MB

                          Download
                        • memory/5008-141-0x00000241E1650000-0x00000241E1695000-memory.dmp
                          Filesize

                          276KB

                          Download
                        • memory/5008-81-0x00007FF84C230000-0x00007FF84C2CE000-memory.dmp
                          Filesize

                          632KB

                          Download