21e01f5797bf2dd4db54a1d23d094ef9355e286c676be64f315a27764ecaaf08

Analysis

max time kernel
59s
max time network
30s
platform
windows11-21h2_x64
resource
win11-20240426-en
resource tags

arch:x64arch:x86image:win11-20240426-enlocale:en-usos:windows11-21h2-x64system
submitted
04/05/2024, 15:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

lite.exe
Size

6.5MB
MD5

103e3b966147832d7f5c4cab340d627a
SHA1

e12106d7f465db77dcbbc7edc8d95d88c193c1f3
SHA256

21e01f5797bf2dd4db54a1d23d094ef9355e286c676be64f315a27764ecaaf08
SHA512

fa8efdd9b64fb0e3fe66905d12b7cc440d321fd39662b1ed7c5ff1eec8114e7cb0b6609c616cbb0601420b2be106eedaa65af69e0032c0b2acc7acb4d14a15c2
SSDEEP

98304:lBDy1AkaBjpU3jaQrwEzyHzYylxaYDtat953MbJUiS/RXSspuJjd/Xttzh8hija:jy1ANtiSEzjyjtaBcWiS5ORd/dtzhyi+

Score

9^/10

evasion themida trojan

Malware Config

Signatures

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	lite.exe

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	lite.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	lite.exe

Themida packer 4 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/1132-0-0x00007FF725530000-0x00007FF726744000-memory.dmp	themida
behavioral1/memory/1132-2-0x00007FF725530000-0x00007FF726744000-memory.dmp	themida
behavioral1/memory/1132-4-0x00007FF725530000-0x00007FF726744000-memory.dmp	themida
behavioral1/memory/1132-3-0x00007FF725530000-0x00007FF726744000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	lite.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 1 IoCs

pid	Process
1132	lite.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133593106938411690"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1132	lite.exe
1132	lite.exe
1492	chrome.exe
1492	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe
Token: SeShutdownPrivilege	1492	chrome.exe
Token: SeCreatePagefilePrivilege	1492	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe
1492	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1492 wrote to memory of 2100	1492	chrome.exe	84
PID 1492 wrote to memory of 2100	1492	chrome.exe	84
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 3212	1492	chrome.exe	85
PID 1492 wrote to memory of 4532	1492	chrome.exe	86
PID 1492 wrote to memory of 4532	1492	chrome.exe	86
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87
PID 1492 wrote to memory of 5068	1492	chrome.exe	87

C:\Users\Admin\AppData\Local\Temp\lite.exe
"C:\Users\Admin\AppData\Local\Temp\lite.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
PID:1132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd7d3cab58,0x7ffd7d3cab68,0x7ffd7d3cab78
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1844,i,3520186335688188791,19272023196863720,131072 /prefetch:2
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=1844,i,3520186335688188791,19272023196863720,131072 /prefetch:8
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1844,i,3520186335688188791,19272023196863720,131072 /prefetch:8
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1844,i,3520186335688188791,19272023196863720,131072 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3184 --field-trial-handle=1844,i,3520186335688188791,19272023196863720,131072 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1844,i,3520186335688188791,19272023196863720,131072 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4436 --field-trial-handle=1844,i,3520186335688188791,19272023196863720,131072 /prefetch:8
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4448 --field-trial-handle=1844,i,3520186335688188791,19272023196863720,131072 /prefetch:8
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4448 --field-trial-handle=1844,i,3520186335688188791,19272023196863720,131072 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4316 --field-trial-handle=1844,i,3520186335688188791,19272023196863720,131072 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4748 --field-trial-handle=1844,i,3520186335688188791,19272023196863720,131072 /prefetch:8
  2⤵
  PID:5092

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1204

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b2bbdbd4e76e8f2471113ed33f5211b1

SHA1
7c2ec3a2c631c644810426e17879d2e3160b5af6

SHA256
275a999f8c1c1c734bd5e32725be45783e770b8d54cb54e609b798aced065ab2

SHA512
49db688d034626d8ea5f60eae08a292c41352f543c39bdccb850eaa7f293e357ccaf8af0b6cef66d0f3f79bf7448f68b309d84109ba1523348b3eef18a44d565

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
432e2164e7a77508260d561c73c6976e

SHA1
50964c90bde252513b5616d254dbca0fbdca14f0

SHA256
af9a9e4c3e19ac0de6aa8af3a96f1d734349f85b076435493e8331bb0f5b212b

SHA512
5d8d7439a5af08335969bc6d95dcc57f281368d81400639a2795d25712dc06180554828a94e742711d8d517250b3a626b388308ce04269c9bef89a3b36db9012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
b4dda2a6c09e6213283d78f44f5baa2e

SHA1
2eea935f2ec26162d3e2133792b63d6c982c4e1b

SHA256
1d5ced74425e6ce0cb8b4cd90eeea26618038a7c4dc2063aea534b74ecd41b93

SHA512
075fc42024cf18f4b95476c7f5c8dc386f176301c05f01f30519dccc6c4be469840c23bb4e122d2aead3a0dea81cd892b8998083e43a5e66c18dc056d66160dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
4771aca751de2d08a3d4eb80b4aee554

SHA1
a7450558bbe47c2f130b60167324e7a103c25a86

SHA256
920ee9af6cffacc504f81f9ebf2e6def66da4b3ca1bd9b78fd1eacbccc5c6a4f

SHA512
3ce9b59328d533ed18019dd1f0fb625fa188fda2621b51eaada6afde219b626e33c6e3c05d96874c59eafe1a7973886fcacfb92f0935d7a73d0d789232f972b5

Download Submit
memory/1132-0-0x00007FF725530000-0x00007FF726744000-memory.dmp

Filesize
18.1MB

Download
memory/1132-1-0x00007FFD8C987000-0x00007FFD8C989000-memory.dmp

Filesize
8KB

Download
memory/1132-2-0x00007FF725530000-0x00007FF726744000-memory.dmp

Filesize
18.1MB

Download
memory/1132-4-0x00007FF725530000-0x00007FF726744000-memory.dmp

Filesize
18.1MB

Download
memory/1132-3-0x00007FF725530000-0x00007FF726744000-memory.dmp

Filesize
18.1MB

Download
memory/1132-6-0x00007FF725530000-0x00007FF726744000-memory.dmp

Filesize
18.1MB

Download