Analysis

  • max time kernel
    70s
  • max time network
    65s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    03-01-2025 01:00

General

  • Target

    Monotone-HWID-Spoofer-main.zip

  • Size

    866KB

  • MD5

    05099ece327524d1299eacae745c3b8e

  • SHA1

    7c272e1c1bdaf8aaa43f4fde13313336340b4264

  • SHA256

    14987357393c0163116f2f914a53c42f75ed939c660bb96bee17914a5a6b82c1

  • SHA512

    f8643977bc3c4fc76df0111ed9bf0624c95c4debb23c019d41ac8f54726a0022550e730f1d6901fed1709d0418ee9366a45b66baa3cbb604741b075d654372c2

  • SSDEEP

    24576:qbmpXU4rHIdxSiuW5UqxUGpuVhxFetCJgKY72go:qMk4ruxSi7NxvuPx4tCJgK227

Malware Config

Extracted

Family

lumma

C2

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

  • Lumma family
  • Detected Nirsoft tools 1 IoCs

    Free utilities often used by attackers which can steal passwords, product keys, etc.

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 11 IoCs
  • Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

    Using powershell.exe command.

  • Enumerates processes with tasklist 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

    Adversaries may check for Internet connectivity on compromised systems.

  • Modifies registry class 1 IoCs
  • Runs ping.exe 1 TTPs 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 7 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 36 IoCs

Processes

  • C:\Program Files\7-Zip\7zFM.exe
    "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\Monotone-HWID-Spoofer-main.zip"
    1⤵
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:3964
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:1288
    • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\batbox.exe
      "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\batbox.exe"
      1⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:2316
    • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\batbox.exe
      "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\batbox.exe"
      1⤵
      • Executes dropped EXE
      PID:384
    • C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Box.bat" "
      1⤵
        PID:532
      • C:\Windows\System32\cmd.exe
        "C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Box.bat"
        1⤵
          PID:4832
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Button.bat" "
          1⤵
            PID:2980
          • C:\Windows\system32\cmd.exe
            C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Button.bat" "
            1⤵
              PID:2384
            • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\GetInput.exe
              "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\GetInput.exe"
              1⤵
              • Executes dropped EXE
              • System Location Discovery: System Language Discovery
              PID:1208
            • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\colorecho-vc10-x86_64.exe
              "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\colorecho-vc10-x86_64.exe"
              1⤵
              • Executes dropped EXE
              PID:2688
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Getlen.bat" "
              1⤵
                PID:924
              • C:\Windows\system32\cmd.exe
                C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Getlen.bat" "
                1⤵
                  PID:4336
                • C:\Windows\system32\cmd.exe
                  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Getlen.bat" "
                  1⤵
                    PID:1288
                  • C:\Windows\System32\notepad.exe
                    "C:\Windows\System32\notepad.exe" "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\hwid.ps1"
                    1⤵
                      PID:1948
                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                      "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\hwid.ps1'"
                      1⤵
                      • Command and Scripting Interpreter: PowerShell
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1960
                    • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Monotone.exe
                      "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Monotone.exe"
                      1⤵
                      • Executes dropped EXE
                      • Suspicious use of SetThreadContext
                      • System Location Discovery: System Language Discovery
                      • Suspicious use of WriteProcessMemory
                      PID:2816
                      • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Monotone.exe
                        "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Monotone.exe"
                        2⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        PID:4680
                    • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Monotone.exe
                      "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Monotone.exe"
                      1⤵
                      • Executes dropped EXE
                      • Suspicious use of SetThreadContext
                      • Suspicious use of WriteProcessMemory
                      PID:3056
                      • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Monotone.exe
                        "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Monotone.exe"
                        2⤵
                        • Executes dropped EXE
                        • System Location Discovery: System Language Discovery
                        PID:2936
                    • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\Adapters.exe
                      "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\Adapters.exe"
                      1⤵
                      • Executes dropped EXE
                      • Suspicious use of WriteProcessMemory
                      PID:4396
                      • C:\Windows\system32\cmd.exe
                        C:\Windows\system32\cmd.exe /c pause
                        2⤵
                          PID:3648
                      • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\AlternateStreamView.exe
                        "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\AlternateStreamView.exe"
                        1⤵
                        • Executes dropped EXE
                        • Suspicious use of AdjustPrivilegeToken
                        PID:2896
                      • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\Block.exe
                        "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\Block.exe"
                        1⤵
                        • Checks computer location settings
                        • Executes dropped EXE
                        • Suspicious use of WriteProcessMemory
                        PID:4020
                        • C:\Windows\system32\cmd.exe
                          "C:\Windows\system32\cmd.exe" /c "C:\Users\Admin\AppData\Local\Temp\7625.tmp\7626.tmp\7627.bat C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\Block.exe"
                          2⤵
                          • Suspicious use of WriteProcessMemory
                          PID:1872
                          • C:\Windows\system32\PING.EXE
                            ping localhost
                            3⤵
                            • System Network Configuration Discovery: Internet Connection Discovery
                            • Runs ping.exe
                            PID:4392
                          • C:\Windows\system32\tasklist.exe
                            tasklist /NH /FI "imagename eq Monotone.exe"
                            3⤵
                            • Enumerates processes with tasklist
                            • Suspicious use of AdjustPrivilegeToken
                            PID:512
                          • C:\Windows\system32\find.exe
                            find /i "Monotone.exe"
                            3⤵
                              PID:1776
                        • C:\Windows\system32\cmd.exe
                          C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\process.bat" "
                          1⤵
                          • Suspicious use of WriteProcessMemory
                          PID:4376
                          • C:\Windows\system32\PING.EXE
                            ping localhost
                            2⤵
                            • System Network Configuration Discovery: Internet Connection Discovery
                            • Runs ping.exe
                            PID:1672
                          • C:\Windows\system32\tasklist.exe
                            tasklist /NH /FI "imagename eq Monotone.exe"
                            2⤵
                            • Enumerates processes with tasklist
                            • Suspicious use of AdjustPrivilegeToken
                            PID:4064
                          • C:\Windows\system32\find.exe
                            find /i "Monotone.exe"
                            2⤵
                              PID:4556
                          • C:\Windows\system32\OpenWith.exe
                            C:\Windows\system32\OpenWith.exe -Embedding
                            1⤵
                            • Modifies registry class
                            • Suspicious use of SetWindowsHookEx
                            PID:1832
                          • C:\Windows\System32\WScript.exe
                            "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\UnbanComplete.vbs"
                            1⤵
                              PID:2268

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Temp\7625.tmp\7626.tmp\7627.bat

    Filesize

    234B

    MD5

    6bf25f359aa5fbd7e1dd035df781227c

    SHA1

    f13a903548ba59fe28e1b6edca19bab5083b806d

    SHA256

    db9b3975c87afa294cafdd40cac28ed305d39c6215aa170dc3cf6005e86f9e46

    SHA512

    ea91c96d2d8a5c28e4d81af7ac0175b9dcd6757e97925609ac23ce4e1738698c10ffd05ce446610330d6f66b78f01336df1a997d1535ab8d0925eef2de9ae314

  • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3pvk51nx.m1w.ps1

    Filesize

    60B

    MD5

    d17fe0a3f47be24a6453e9ef58c94641

    SHA1

    6ab83620379fc69f80c0242105ddffd7d98d5d9d

    SHA256

    96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

    SHA512

    5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Box.bat

    Filesize

    5KB

    MD5

    a95505942d3ebcf724f080b49d4e981f

    SHA1

    ed7202c5dd386d050a2a24745399154218569f81

    SHA256

    64556d24498bcd280cd7cc248a98ed22c4db921495d825f141af1547c8fdd275

    SHA512

    21046716caec7a2b26516ae37f3295445d8c7f1b3502ebcaf41a84469bea1888f0139e813111f1585eff9b27403674e4c61ef4d4a62503f2c1dd820bde8a3476

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Button.bat

    Filesize

    5KB

    MD5

    96fefe69f2facf74197a8af3004a6167

    SHA1

    80baf02b5d984dd8055ac3a6f42593ad98b78307

    SHA256

    38aa0c1ad69d96732c776cbd73275f5ccb881d42158158b32815dad869ef9876

    SHA512

    1aa6335a5cc340191613c52fa3e55625ed058abad8bd8d5ed1575bb9cd59b19e1fb3fcf3f5df199ea6f9b9d10bdee45e099c9247457b35ea65c7b1e403f0e888

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\Adapters.exe

    Filesize

    335KB

    MD5

    934bbc5411c532964f3bbe42cb1c1785

    SHA1

    dcddde340e7f080716abaa456971b9aa85bd084b

    SHA256

    b3de6d10d9f94037b88f736609e50a8a4c4d516ca50107dedd575797a654c28e

    SHA512

    8db126cb8381fe84afe25b25e854eb8de25e43f2638e0d87740ce3fe33338b032b09d9551655afedecfe39cb7482f88e72ccdb28afb59684474084a28da71cb2

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\AlternateStreamView.cfg

    Filesize

    551B

    MD5

    d298348206017d0cb04217887a677334

    SHA1

    8fd2cf9e5e39213c5316f36b463948c52ca83017

    SHA256

    2e44dad813efa86ddbd849a53962c5bdcacc9bcc2039dc09bcb2c25c770f3d8b

    SHA512

    517a9d78ba3529308066d619a11d8a3684aaf7428041fae2eb8520f30fc7ec9553f6f58011b63bce030391c2d24fb7b5f7385ec2da21a51ca1264dc7a513b5d9

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\AlternateStreamView.exe

    Filesize

    109KB

    MD5

    caede4f12ac17f3e0ad8e3c923fd510a

    SHA1

    107616433f973110664ceda2ca64c21fb7a92825

    SHA256

    669ce40107a2e05fc93dd37df55c77eb155705b449b2e236423e8bb96b9985f0

    SHA512

    69898a4d39ba4415da8c8e5eb8a1a012d4db87f24e61f63a50b3af07e65d2aed6cc4b24ed315e5a20dea91fa1903fac92a5eefbbff8b8cb90c7259413cd93162

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\Block.exe

    Filesize

    119KB

    MD5

    5782b8d469bbc9045ebd2316c2aefbd5

    SHA1

    f679adea19ac0e88a50cfefb88825a086102f77d

    SHA256

    dfd08e1d7a34bae6836b3915b45b8637b85cdc998198c5bf148fba5e96f15c21

    SHA512

    e57ed92d3c916b89e5f830fb52a63b330e404ea91a7cc0e0b0e8cfb03f9bea7252f1fa8fcf3950ae2bd404dcd189eeac27bcdc1cf529acd8ebde0bc5f457d023

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\UnbanComplete.vbs

    Filesize

    49B

    MD5

    4edf8ecaf575c93e307bdce09aa46e8c

    SHA1

    76c189b32fd69a3694e1dd14776cee1c1cc6c483

    SHA256

    537f70f7b018610dfedd4bcecf041d845eab0c673e129185c2345eb68a95fe77

    SHA512

    ce5921344aadcc9fce5141d416ca92e5772c1c37a0e8724c09c6c2ac579528a21e5fc8659c91db68810763b403fd9760d75102f6c22db84f8f5fe13fefaf6f1a

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Commands\Hidden\process.bat

    Filesize

    1001B

    MD5

    2d3f9b2d001abd6e58ac6f0e7337c619

    SHA1

    7053a604a394f479b643783098adb056d69a404b

    SHA256

    ef702ce2f8fb1bc71fb60e8b95cb83cef4fa66aa96afd7ca4fd67c96530b6e53

    SHA512

    60d4a7e203e37194f4a78f1c581728197b3cd6581d70e185ba6d0d8206aca3a732319b28fef776028015615ebc0ab164a9c935081cd2496b866c63ad6358fccf

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\GetInput.exe

    Filesize

    3KB

    MD5

    2ba62ae6f88b11d0e262af35d8db8ca9

    SHA1

    69d4ccb476cfebdf572134fead42a12750580e4b

    SHA256

    3f5c64717a0092ae214154a730e96e2e56921be2e3f1121a3e98b1ba84627665

    SHA512

    a984212245e401b68872623437a512898a00d71cca7d7b0aa6733663020cae92d50ce1ae3abafbd811542a77e72c8b6a5755492c07d6ddeb2642d908142c2ccb

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Getlen.bat

    Filesize

    1KB

    MD5

    8c1812e76ba7bf09cb87384089a0ab7f

    SHA1

    d3edf2ba081073139960a955e812e6bb7f63817b

    SHA256

    83ce5342710a2f2e385a363402661e3426728dd6bcfe9d87e22f2fb858b07bde

    SHA512

    618abe11f65fe95cdc1f1834bf24ddbbea789c971788af7d2248b880e53d11a3c4302bd8e3c3c36b934f5f7d975d1b142fae8fd23c9ed6cfa118c97e01f6fd14

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\Monotone.exe

    Filesize

    393KB

    MD5

    3c4161be295e9e9d019ce68dae82d60a

    SHA1

    36447fc6418e209dff1bb8a5e576f4d46e3b3296

    SHA256

    0f6481dabf7871823f259eb95f3b85c37d1de8a7d1884ac77a97d887cf96f75d

    SHA512

    cfa2d491a5d28beb8eb908d5af61254ac4c4c88e74c53d5d00ae15ef0731df1654304199996545d1074814c0ea8a032957b28d70774f05347616428e667f70e6

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\batbox.exe

    Filesize

    1KB

    MD5

    cb4a44baa20ad26bf74615a7fc515a84

    SHA1

    2581868c3d560e2b200d4f21d83271430167b377

    SHA256

    9553bc17fa0fd08e026c1865812b3388e3d5495a5394bbf671e5a8f21c79989a

    SHA512

    d19e6d0ccd89e52efdd2363185564cf83fcf3a37b55659dd1fd8b6574cf45b6147989b2c7b1e8029ce8136aa7ff74900494c1a30bbb65b96d9880ab7f77b6140

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\colorecho-vc10-x86_64.exe

    Filesize

    129KB

    MD5

    e2f377052409beeebf852803734e007a

    SHA1

    4d5e977acc59912bd451edae77ad58d977ed086b

    SHA256

    76fe5f9cef2c3a5c4f765d4c45167f4cf26cc6d469031f0d195d96724e9d82a8

    SHA512

    d88d3319a32ec3a8475fae03c74b1a5d7d8e92f3f5ffa1bc3326779d7d39e0bd18928a511be1ac965fb1c2e2da1cf0935fea38bbf847f54033887c62b6c842d7

  • C:\Users\Admin\Desktop\Monotone-HWID-Spoofer-main\hwid.ps1

    Filesize

    3KB

    MD5

    05673d49cc5f31e3d4812b7cb7419641

    SHA1

    07b3b298b067439da6e6ae37e51bb1701c33165a

    SHA256

    c7c54526b07f457e58d423ab22d61a0efd78ad112be2ef0a1efe6c25013df185

    SHA512

    5f5f380a3cad0cf1aa95244d6b1fca4ccdd10c8c882e045405d5600f242b8ed3306f485a3396db9c362f345b79b03d2db79aad7a1d92f09167beea0acf524d32

  • memory/384-43-0x0000000000400000-0x0000000000402000-memory.dmp

    Filesize

    8KB

  • memory/1960-54-0x0000019285650000-0x0000019285672000-memory.dmp

    Filesize

    136KB

  • memory/2316-41-0x0000000000400000-0x0000000000402000-memory.dmp

    Filesize

    8KB

  • memory/2316-39-0x0000000000400000-0x0000000000402000-memory.dmp

    Filesize

    8KB

  • memory/4680-70-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB

  • memory/4680-68-0x0000000000400000-0x0000000000456000-memory.dmp

    Filesize

    344KB