Overview

overview

10

Static

static

1

file.exe

windows7-x64

10

file.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    133s
  • max time network
    137s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    30-09-2024 11:58

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    file.exe

  • Size

    404KB

  • MD5

    3c9241d0ce97c159d6cfaa49f602fafd

  • SHA1

    3a0320d338544496cb2ed6952d52e740c7f25d03

  • SHA256

    a73c4d134f180b9f4047f9be94f3f36b3a2e34469f8c90f70d964778efdc6adc

  • SHA512

    e7a86d0e92be6c741d53e505d712034f24cc9951fbb0015e6c46b97399eaa358c216de63930728fc1ca7edaaf3ceca3ed1dcab0e1c7bf0c384ba78d22615e9d4

  • SSDEEP

    12288:Dpn81p29d9YRhTe4kashZFxfNvJKXZYDJEO:1Sp29d9YRhi4kasRxfNxfJt

Score
10/10
lummastealcvidar514d77849a01ff8ab7dd99d5f0a2e19ea669a86f8433a1e88901711c0f772c97defaultcredential_accessdiscoveryspywarestealer

Malware Config

Extracted

Family

vidar

Version

11

Botnet

514d77849a01ff8ab7dd99d5f0a2e19e

C2

https://t.me/jamsemlg

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Extracted

Family

lumma

Extracted

Family

vidar

Version

11

Botnet

a669a86f8433a1e88901711c0f772c97

C2

https://t.me/jamsemlg

https://steamcommunity.com/profiles/76561199780418869

https://t.me/ae5ed
Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0

Extracted

Family

stealc

Botnet

default

C2

http://46.8.231.109

Attributes
  • url_path

    /c4754d4f680ead72.php

Extracted

Family

lumma

C2

https://underlinemdsj.site/api

Signatures

  • Detect Vidar Stealer 22 IoCs
    stealer
  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

    stealervidar
  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 5 IoCs
  • Loads dropped DLL 4 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

    credential_accessstealer
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Suspicious use of SetThreadContext 6 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 1 IoCs
    evasion
  • Suspicious behavior: EnumeratesProcesses 20 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\file.exe
    "C:\Users\Admin\AppData\Local\Temp\file.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:3312
    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
      2⤵
        PID:376
      • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
        2⤵
        • Checks computer location settings
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        • Checks processor information in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:2908
        • C:\ProgramData\DAEGIIECGH.exe
          "C:\ProgramData\DAEGIIECGH.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3588
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            4⤵
            • System Location Discovery: System Language Discovery
            PID:2516
        • C:\ProgramData\KFHCAEGCBF.exe
          "C:\ProgramData\KFHCAEGCBF.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:3172
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            4⤵
            • System Location Discovery: System Language Discovery
            • Checks processor information in registry
            • Suspicious behavior: EnumeratesProcesses
            PID:3116
        • C:\ProgramData\GHCGDAFCFH.exe
          "C:\ProgramData\GHCGDAFCFH.exe"
          3⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • System Location Discovery: System Language Discovery
          • Suspicious use of WriteProcessMemory
          PID:4996
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            4⤵
              PID:448
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              4⤵
              • Checks computer location settings
              • Loads dropped DLL
              • System Location Discovery: System Language Discovery
              • Checks processor information in registry
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of WriteProcessMemory
              PID:2784
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\AdminBAAAKJDAAF.exe"
                5⤵
                • System Location Discovery: System Language Discovery
                • Suspicious use of WriteProcessMemory
                PID:4192
                • C:\Users\AdminBAAAKJDAAF.exe
                  "C:\Users\AdminBAAAKJDAAF.exe"
                  6⤵
                  • Executes dropped EXE
                  • Suspicious use of SetThreadContext
                  • System Location Discovery: System Language Discovery
                  PID:3028
                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                    7⤵
                    • System Location Discovery: System Language Discovery
                    • Checks processor information in registry
                    • Suspicious behavior: EnumeratesProcesses
                    PID:1524
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\AdminDGDBAKKJKK.exe"
                5⤵
                • System Location Discovery: System Language Discovery
                PID:1656
                • C:\Users\AdminDGDBAKKJKK.exe
                  "C:\Users\AdminDGDBAKKJKK.exe"
                  6⤵
                  • Executes dropped EXE
                  • Suspicious use of SetThreadContext
                  • System Location Discovery: System Language Discovery
                  PID:2420
                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                    7⤵
                    • System Location Discovery: System Language Discovery
                    PID:4516
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\JDHIEBFHCAKE" & exit
            3⤵
            • System Location Discovery: System Language Discovery
            • Suspicious use of WriteProcessMemory
            PID:2240
            • C:\Windows\SysWOW64\timeout.exe
              timeout /t 10
              4⤵
              • System Location Discovery: System Language Discovery
              • Delays execution with timeout.exe
              PID:4620

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\ProgramData\DAEGIIECGH.exe
        Filesize

        371KB

        MD5

        32c2e31313c3df4a7a36c72503a5beba

        SHA1

        1c88051112dab0e306cadd9ee5d65f8dc229f079

        SHA256

        f1fa2872fcd33c6dbce8d974c0c0381c0762d46a53ceaca14a29727ad02baef3

        SHA512

        ee04d786e53f7fa203dbc4f8c018c72a907dabbd2d1c57e219b2ccc2dbd9d79a4ee8580b98f9b5c5024e628c0207cdd2bf93b9468e457f4ee00326c7c689f1ae

        Download Submit

      • C:\ProgramData\DGDBAKKJKKEC\DHCAAE
        Filesize

        40KB

        MD5

        a182561a527f929489bf4b8f74f65cd7

        SHA1

        8cd6866594759711ea1836e86a5b7ca64ee8911f

        SHA256

        42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

        SHA512

        9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

        Download Submit

      • C:\ProgramData\DGDBAKKJKKEC\DHCAAE
        Filesize

        160KB

        MD5

        f310cf1ff562ae14449e0167a3e1fe46

        SHA1

        85c58afa9049467031c6c2b17f5c12ca73bb2788

        SHA256

        e187946249cd390a3c1cf5d4e3b0d8f554f9acdc416bf4e7111fff217bb08855

        SHA512

        1196371de08c964268c44103ccaed530bda6a145df98e0f480d8ee5ad58cb6fb33ca4c9195a52181fe864726dcf52e6a7a466d693af0cda43400a3a7ef125fad

        Download Submit

      • C:\ProgramData\DGDBAKKJKKEC\DHCAAE
        Filesize

        20KB

        MD5

        a603e09d617fea7517059b4924b1df93

        SHA1

        31d66e1496e0229c6a312f8be05da3f813b3fa9e

        SHA256

        ccd15f9c7a997ae2b5320ea856c7efc54b5055254d41a443d21a60c39c565cb7

        SHA512

        eadb844a84f8a660c578a2f8e65ebcb9e0b9ab67422be957f35492ff870825a4b363f96fd1c546eaacfd518f6812fcf57268ef03c149e5b1a7af145c7100e2cc

        Download Submit

      • C:\ProgramData\EGCBFIEH
        Filesize

        114KB

        MD5

        2e5b34ca73bac7d39579ae5af5c50268

        SHA1

        910b0865cce750b73e308d0c9314edcdcf4162bb

        SHA256

        79f7541d73ed1744fbc041fdeaf95cae2e2a43cf9d73f6d9476b67a5c2ea9695

        SHA512

        95dcb404558da6bf1b58640440f3e26b13bf53b8fe05932e85b85dea7e629a544f2bfef094fdd23fd2ad0692297aad338e23c9e6e516e5c852d6d7c1c97249fc

        Download Submit

      • C:\ProgramData\GHCGDAFCFH.exe
        Filesize

        326KB

        MD5

        2832fbde1cf7ea83bd6fd6a4a5e8fe15

        SHA1

        1ced7a749d257091e0c3b75605fd3bc005e531de

        SHA256

        2b8bcd9d7d072feb114e0436dc10aa80fda52cdd46a4948ea1ae984f74898375

        SHA512

        c69f1197a0c74d057ab569d35c9af675fc465ce6abcc6c8fc32b316d3586871a426d7ab904c43827be7413748f0f45f7f3689076ca031fd858a4a8abf78b9299

        Download Submit

      • C:\ProgramData\HIJJDGDHDGDAKFIECFIJ
        Filesize

        11KB

        MD5

        30fb5bda6c0194802b57e923b4aa4bf2

        SHA1

        d592122c1eb5d1f535010dbefb4011f446e21b7f

        SHA256

        a8054bc3bddd7209e177f731316e7e14fda3f89f29f0be0e8410392596bdd54b

        SHA512

        a43ff15518cf6a4e69928ec9ceebcd194c710136947c54a7686d7e0aa34005c57dbb6447fc9d01ec945b0ad5794bd1b185ef7b02364d1867d5ab19346ff5ed33

        Download Submit

      • C:\ProgramData\JEHDHIEG
        Filesize

        116KB

        MD5

        f70aa3fa04f0536280f872ad17973c3d

        SHA1

        50a7b889329a92de1b272d0ecf5fce87395d3123

        SHA256

        8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

        SHA512

        30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

        Download Submit

      • C:\ProgramData\KFHCAEGCBF.exe
        Filesize

        404KB

        MD5

        38dabc7063c0a175a12c30bd44cf3dbc

        SHA1

        6d7aabebd8a417168e220c7497f4bc38c314da3b

        SHA256

        de664956d799e59e1cca0788d545922ee420e3afdcf277442f148f52bc78df89

        SHA512

        674760ad37cf7886ca4cd786e4d1966d3827fdad008a85a125e18bd474d073dae8d4296427253bb86e78d3173a300611ee5eb2e01c1f968700679350fc17a24d

        Download Submit

      • C:\ProgramData\freebl3.dll
        Filesize

        240KB

        MD5

        d751e0d6db93edfcc7a9a326bc5f83d4

        SHA1

        f40c052ece2193f521ede2d45579e9deea7e5fe8

        SHA256

        0793179434f77862d8a06dcf9ca57b58d40bbf06f01777a8719cf7325952ab0e

        SHA512

        75f7ee51a5a5b03f0531954ccde40f1e09e8ca18140523f6471b547361101180dd86947ffbb4110ebc9802ef6218e2266cbcc1caf04e7e73a8f51d4197733af5

        Download Submit

      • C:\ProgramData\mozglue.dll
        Filesize

        18KB

        MD5

        81e0384d154b8b0ba47193c866ac4d90

        SHA1

        cf9ce7f5c0a54501477e806f830ff6175a632ce3

        SHA256

        3de434fd794632b2cad9de7a5c25420fd9179258bf1c0f788bceae9a4f26d364

        SHA512

        32e46aa7359ccded4be406013e83e30d1db5fd40a1e4acb805db213f989a8f036d42aad56e4835ebf60e534880eeed0cfcf886e2f27262f89484f83d2bfb6129

        Download Submit

      • C:\ProgramData\mozglue.dll
        Filesize

        593KB

        MD5

        c8fd9be83bc728cc04beffafc2907fe9

        SHA1

        95ab9f701e0024cedfbd312bcfe4e726744c4f2e

        SHA256

        ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

        SHA512

        fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

        Download Submit

      • C:\ProgramData\msvcp140.dll
        Filesize

        28KB

        MD5

        dfe2207c195deb014deb374f2720af30

        SHA1

        3c8bb6e83413b6222833a164af81725de2b04480

        SHA256

        1ea32379d551036dbdafdccb991c8c8412dbcf59aea3a9410e48f34ff2778e25

        SHA512

        6a168fe4e31526e577625812ec9c0847cece5910bd9a698c665fdff6f4fa8f03a482160322359d765f32054a6c4de09fc3bede9f7d71ea1147dbdf493e22cbc3

        Download Submit

      • C:\ProgramData\nss3.dll
        Filesize

        2.0MB

        MD5

        1cc453cdf74f31e4d913ff9c10acdde2

        SHA1

        6e85eae544d6e965f15fa5c39700fa7202f3aafe

        SHA256

        ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

        SHA512

        dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

        Download Submit

      • C:\ProgramData\vcruntime140.dll
        Filesize

        78KB

        MD5

        a37ee36b536409056a86f50e67777dd7

        SHA1

        1cafa159292aa736fc595fc04e16325b27cd6750

        SHA256

        8934aaeb65b6e6d253dfe72dea5d65856bd871e989d5d3a2a35edfe867bb4825

        SHA512

        3a7c260646315cf8c01f44b2ec60974017496bd0d80dd055c7e43b707cadba2d63aab5e0efd435670aa77886ed86368390d42c4017fc433c3c4b9d1c47d0f356

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\AdminBAAAKJDAAF.exe.log
        Filesize

        425B

        MD5

        4eaca4566b22b01cd3bc115b9b0b2196

        SHA1

        e743e0792c19f71740416e7b3c061d9f1336bf94

        SHA256

        34ba0ab8d1850e7825763f413142a333ccbc05fa2b5499a28a7d27b8a1c5b4bb

        SHA512

        bc2b1bf45203e3bb3009a7d37617b8f0f7ffa613680b32de2b963e39d2cf1650614d7035a0cf78f35a4f5cb17a2a439e2e07deaefd2a4275a62efd0a5c0184a1

        Download Submit

      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\H9MX5QVK\sql[1].dll
        Filesize

        2.3MB

        MD5

        90e744829865d57082a7f452edc90de5

        SHA1

        833b178775f39675fa4e55eab1032353514e1052

        SHA256

        036a57102385d7f0d7b2deacf932c1c372ae30d924365b7a88f8a26657dd7550

        SHA512

        0a2d112ff7cb806a74f5ec17fe097d28107bb497d6ed5ad28ea47e6795434ba903cdb49aaf97a9a99c08cd0411f1969cad93031246dc107c26606a898e570323

        Download Submit

      • memory/1524-280-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/1524-279-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2516-108-0x0000000000400000-0x0000000000463000-memory.dmp

        Filesize

        396KB

        Download

      • memory/2516-105-0x0000000000400000-0x0000000000463000-memory.dmp

        Filesize

        396KB

        Download

      • memory/2516-111-0x0000000000400000-0x0000000000463000-memory.dmp

        Filesize

        396KB

        Download

      • memory/2784-152-0x0000000061E00000-0x0000000061EF3000-memory.dmp

        Filesize

        972KB

        Download

      • memory/2784-151-0x0000000000400000-0x0000000000661000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/2784-149-0x0000000000400000-0x0000000000661000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/2908-48-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-12-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-3-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-8-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-88-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-6-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-47-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-13-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-87-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-86-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-79-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-31-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-30-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/2908-16-0x00000000223D0000-0x000000002262F000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3116-227-0x00000000225B0000-0x000000002280F000-memory.dmp

        Filesize

        2.4MB

        Download

      • memory/3116-241-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/3116-127-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/3116-129-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/3116-131-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/3116-224-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/3116-225-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/3116-242-0x0000000000400000-0x0000000000676000-memory.dmp

        Filesize

        2.5MB

        Download

      • memory/3172-125-0x00000000001B0000-0x000000000021A000-memory.dmp

        Filesize

        424KB

        Download

      • memory/3312-0-0x000000007508E000-0x000000007508F000-memory.dmp

        Filesize

        4KB

        Download

      • memory/3312-11-0x0000000075080000-0x0000000075830000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3312-1-0x0000000000D70000-0x0000000000DDA000-memory.dmp

        Filesize

        424KB

        Download

      • memory/3312-56-0x0000000075080000-0x0000000075830000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3588-110-0x00000000729E0000-0x0000000073190000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3588-103-0x00000000001C0000-0x0000000000220000-memory.dmp

        Filesize

        384KB

        Download

      • memory/3588-278-0x00000000729E0000-0x0000000073190000-memory.dmp

        Filesize

        7.7MB

        Download

      • memory/3588-102-0x00000000729EE000-0x00000000729EF000-memory.dmp

        Filesize

        4KB

        Download

      • memory/4516-277-0x0000000000400000-0x0000000000463000-memory.dmp

        Filesize

        396KB

        Download

      • memory/4996-147-0x0000000000840000-0x0000000000896000-memory.dmp

        Filesize

        344KB

        Download