Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/b...

windows10-2004-x64

10

Analysis

  • max time kernel
    37s
  • max time network
    33s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    05/01/2025, 13:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    https://github.com/bafym21/Seliware-Executor/releases/download/Download/script.zip

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

https://fancywaxxers.shop/api

Extracted

Family

lumma

C2

https://fancywaxxers.shop/api

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • Suspicious use of SetThreadContext 7 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Program crash 7 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 34 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/bafym21/Seliware-Executor/releases/download/Download/script.zip
    1⤵
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ffd576ecc40,0x7ffd576ecc4c,0x7ffd576ecc58
      2⤵
        PID:4848
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1880,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1876 /prefetch:2
        2⤵
          PID:4380
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2172 /prefetch:3
          2⤵
            PID:5080
          • C:\Program Files\Google\Chrome\Application\chrome.exe
            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2248,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2440 /prefetch:8
            2⤵
              PID:844
            • C:\Program Files\Google\Chrome\Application\chrome.exe
              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3124,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3120 /prefetch:1
              2⤵
                PID:1960
              • C:\Program Files\Google\Chrome\Application\chrome.exe
                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3084,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3076 /prefetch:1
                2⤵
                  PID:2976
                • C:\Program Files\Google\Chrome\Application\chrome.exe
                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
                  2⤵
                    PID:1148
                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4512,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4828 /prefetch:8
                    2⤵
                      PID:4556
                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4344,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4892 /prefetch:1
                      2⤵
                        PID:1572
                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5424,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3536 /prefetch:1
                        2⤵
                          PID:2616
                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5580,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:2
                          2⤵
                            PID:4540
                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5380,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5700 /prefetch:1
                            2⤵
                              PID:3572
                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5416,i,278232112188196014,7381310312468253825,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4348 /prefetch:1
                              2⤵
                                PID:568
                            • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                              "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                              1⤵
                                PID:3920
                              • C:\Windows\system32\svchost.exe
                                C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
                                1⤵
                                  PID:2700
                                • C:\Windows\System32\rundll32.exe
                                  C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                  1⤵
                                    PID:2284
                                  • C:\Users\Admin\Downloads\script\Script.exe
                                    "C:\Users\Admin\Downloads\script\Script.exe"
                                    1⤵
                                    • Suspicious use of SetThreadContext
                                    • System Location Discovery: System Language Discovery
                                    PID:560
                                    • C:\Users\Admin\Downloads\script\Script.exe
                                      "C:\Users\Admin\Downloads\script\Script.exe"
                                      2⤵
                                      • System Location Discovery: System Language Discovery
                                      PID:2124
                                    • C:\Windows\SysWOW64\WerFault.exe
                                      C:\Windows\SysWOW64\WerFault.exe -u -p 560 -s 796
                                      2⤵
                                      • Program crash
                                      PID:264
                                  • C:\Windows\SysWOW64\WerFault.exe
                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 560 -ip 560
                                    1⤵
                                      PID:4284
                                    • C:\Users\Admin\Downloads\script\Script.exe
                                      "C:\Users\Admin\Downloads\script\Script.exe"
                                      1⤵
                                      • Suspicious use of SetThreadContext
                                      • System Location Discovery: System Language Discovery
                                      PID:2600
                                      • C:\Users\Admin\Downloads\script\Script.exe
                                        "C:\Users\Admin\Downloads\script\Script.exe"
                                        2⤵
                                        • System Location Discovery: System Language Discovery
                                        PID:2764
                                      • C:\Windows\SysWOW64\WerFault.exe
                                        C:\Windows\SysWOW64\WerFault.exe -u -p 2600 -s 784
                                        2⤵
                                        • Program crash
                                        PID:4692
                                    • C:\Windows\SysWOW64\WerFault.exe
                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 2600 -ip 2600
                                      1⤵
                                        PID:2852
                                      • C:\Users\Admin\Downloads\script\Script.exe
                                        "C:\Users\Admin\Downloads\script\Script.exe"
                                        1⤵
                                        • Suspicious use of SetThreadContext
                                        • System Location Discovery: System Language Discovery
                                        PID:388
                                        • C:\Users\Admin\Downloads\script\Script.exe
                                          "C:\Users\Admin\Downloads\script\Script.exe"
                                          2⤵
                                          • System Location Discovery: System Language Discovery
                                          PID:4540
                                        • C:\Windows\SysWOW64\WerFault.exe
                                          C:\Windows\SysWOW64\WerFault.exe -u -p 388 -s 764
                                          2⤵
                                          • Program crash
                                          PID:4464
                                      • C:\Windows\SysWOW64\WerFault.exe
                                        C:\Windows\SysWOW64\WerFault.exe -pss -s 468 -p 388 -ip 388
                                        1⤵
                                          PID:4500
                                        • C:\Users\Admin\Downloads\script\Script.exe
                                          "C:\Users\Admin\Downloads\script\Script.exe"
                                          1⤵
                                          • Suspicious use of SetThreadContext
                                          • System Location Discovery: System Language Discovery
                                          PID:3448
                                          • C:\Users\Admin\Downloads\script\Script.exe
                                            "C:\Users\Admin\Downloads\script\Script.exe"
                                            2⤵
                                              PID:3696
                                            • C:\Users\Admin\Downloads\script\Script.exe
                                              "C:\Users\Admin\Downloads\script\Script.exe"
                                              2⤵
                                              • System Location Discovery: System Language Discovery
                                              PID:4356
                                            • C:\Windows\SysWOW64\WerFault.exe
                                              C:\Windows\SysWOW64\WerFault.exe -u -p 3448 -s 772
                                              2⤵
                                              • Program crash
                                              PID:4500
                                          • C:\Windows\SysWOW64\WerFault.exe
                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 464 -p 3448 -ip 3448
                                            1⤵
                                              PID:3464
                                            • C:\Users\Admin\Downloads\script\Script.exe
                                              "C:\Users\Admin\Downloads\script\Script.exe"
                                              1⤵
                                              • Suspicious use of SetThreadContext
                                              • System Location Discovery: System Language Discovery
                                              PID:4880
                                              • C:\Users\Admin\Downloads\script\Script.exe
                                                "C:\Users\Admin\Downloads\script\Script.exe"
                                                2⤵
                                                • System Location Discovery: System Language Discovery
                                                PID:1012
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -u -p 4880 -s 780
                                                2⤵
                                                • Program crash
                                                PID:4776
                                            • C:\Windows\SysWOW64\WerFault.exe
                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 476 -p 4880 -ip 4880
                                              1⤵
                                                PID:4328
                                              • C:\Users\Admin\Downloads\script\Script.exe
                                                "C:\Users\Admin\Downloads\script\Script.exe"
                                                1⤵
                                                • Suspicious use of SetThreadContext
                                                • System Location Discovery: System Language Discovery
                                                PID:1184
                                                • C:\Users\Admin\Downloads\script\Script.exe
                                                  "C:\Users\Admin\Downloads\script\Script.exe"
                                                  2⤵
                                                  • System Location Discovery: System Language Discovery
                                                  PID:1716
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 1184 -s 156
                                                  2⤵
                                                  • Program crash
                                                  PID:1816
                                              • C:\Windows\SysWOW64\WerFault.exe
                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 1184 -ip 1184
                                                1⤵
                                                  PID:1148
                                                • C:\Users\Admin\Downloads\script\Script.exe
                                                  "C:\Users\Admin\Downloads\script\Script.exe"
                                                  1⤵
                                                  • Suspicious use of SetThreadContext
                                                  • System Location Discovery: System Language Discovery
                                                  PID:4612
                                                  • C:\Users\Admin\Downloads\script\Script.exe
                                                    "C:\Users\Admin\Downloads\script\Script.exe"
                                                    2⤵
                                                    • System Location Discovery: System Language Discovery
                                                    PID:3696
                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 4612 -s 156
                                                    2⤵
                                                    • Program crash
                                                    PID:4776
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 4612 -ip 4612
                                                  1⤵
                                                    PID:4388

                                                  Network

                                                  MITRE ATT&CK Enterprise v15

                                                  Replay Monitor

                                                  Loading Replay Monitor...

                                                  Downloads

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
                                                    Filesize

                                                    649B

                                                    MD5

                                                    ac15105a9b307004461f5e081d150e3a

                                                    SHA1

                                                    268146b4ded31dc13184be599e89da05d34fb4f2

                                                    SHA256

                                                    1c6212459b68d8de3b69b799964ccf96e32666633ca8f96dffb39cb2de0ff0ae

                                                    SHA512

                                                    42212ceb2324efa13b438c01d7f432ab93670b763159b83e2465cbd8b35804a4362ecea62fe2fa36ee330ce46ec94337351aa60f56ecc70fe28ec275f478f9d4

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                    Filesize

                                                    432B

                                                    MD5

                                                    b142bb8fe8472d56f0c877a330a8a4dc

                                                    SHA1

                                                    617deb7390026301eefc14b71e23aa59cd32a6aa

                                                    SHA256

                                                    ee76725cb2889845ee9b95b6074cfc202e7b32bf03a61609ee8afa5cd2e9f214

                                                    SHA512

                                                    9d0254838b968e537fa1549e5d177acabdb85d0e717b242623ae8bf7e4fa9eb2961655274ba71222481a0b92420341589370ef24d0ad032e21cf16021f238250

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                    Filesize

                                                    2KB

                                                    MD5

                                                    b7ebd129ac4db24312d4940287a7eb39

                                                    SHA1

                                                    e72ddf9fe28257254286ce6b960d971c86f1f16a

                                                    SHA256

                                                    198ea38b04091ee691fd73b1c00295ec72009a986d88666230b499580600c7fd

                                                    SHA512

                                                    f0f61878cb1a00140cb1227e22ab48132e9091d3c201d239298aa01063024a8d7c28cf913a330bb0a9444b1d8cac86e6ccc3bf6666b270feb6d003101476f3f5

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
                                                    Filesize

                                                    2B

                                                    MD5

                                                    d751713988987e9331980363e24189ce

                                                    SHA1

                                                    97d170e1550eee4afc0af065b78cda302a97674c

                                                    SHA256

                                                    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                    SHA512

                                                    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                    Filesize

                                                    1KB

                                                    MD5

                                                    35d2a75256b57e50cd3decfec0dd116a

                                                    SHA1

                                                    c63de5a649883f489dee447f11034d1370d80b94

                                                    SHA256

                                                    6a7f60a5b2cad29e3de7fced8cbc1cc19042a86320362e62c3b4c35de1720e60

                                                    SHA512

                                                    d26c67ef41e8e2c293723bca2d25deded8d7603b27ab309d00cd49021b0c911c209afeb4e4b200b966a45a208145920c34cd3fd26e140a399be5b29730fc138d

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                    Filesize

                                                    9KB

                                                    MD5

                                                    509971435b6e6f8b83f49830e8c231f9

                                                    SHA1

                                                    fcbbffa095cf1cb223a64dc74c00c85239f75359

                                                    SHA256

                                                    17e514e575aaf9094f50cd3c292dd3c356d15525d7f20f593531f6fb3e3d6ac7

                                                    SHA512

                                                    4133abd10ae089889d18cb003cf325650d8341a475c52ab3b868ea02cdcfe86c53887296db343718dab362a50e58f654c23b3d5303c880e3faadabb2a5532eb3

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                    Filesize

                                                    9KB

                                                    MD5

                                                    4b65055e5753319799536517bba934f5

                                                    SHA1

                                                    44ffdfcb2b96263e2bfad3611aeff2ed717c35fa

                                                    SHA256

                                                    c1d75f49e28366930d9bb13f109551980e1b18b79c1f4d2c29aba18f20046667

                                                    SHA512

                                                    cd234c3c195d058cfeea5be4233145849a3468e7451ab4e10943b1e9ef523f89c8f7c8cedb6d241b2e26dad1ea00396dbee0ca282091f0bbf294dde887532013

                                                    Download Submit

                                                  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                    Filesize

                                                    116KB

                                                    MD5

                                                    b41a549aac8a2e716165451b1b149ff0

                                                    SHA1

                                                    24ea83eba3b630f1566fa446cbf70144bb5a80dd

                                                    SHA256

                                                    e036cc3864ea81b6709bae779631dad8c9b5e36da0da4827fe36e10886a47ccd

                                                    SHA512

                                                    013931493ac54f536e98316710bb1caa86554853df6199b79d339bc5c4bacdf110fc0a64ac8e7fb9cfbb7baed90eb8d3615b220f3a5202236751aae352b1ebb0

                                                    Download Submit

                                                  • C:\Users\Admin\Downloads\script.zip.crdownload
                                                    Filesize

                                                    5.4MB

                                                    MD5

                                                    a8f18d05ee349962e2f6c4ec12c31adc

                                                    SHA1

                                                    decabb22b693adde8b9a50561705750d36063506

                                                    SHA256

                                                    60881fb0340f0104136d089421f819b3f42bbd5b42a095b6a66cfb756ec0d09a

                                                    SHA512

                                                    3303f2ac273617cf74579235984c6e60836a87b46726f9a96eb876af53b0a84adc7aef3b3f3462264218befbf39e673c9799a657cfbb670488971a9eaf2ceec1

                                                    Download Submit

                                                  • memory/560-164-0x0000000074CDE000-0x0000000074CDF000-memory.dmp

                                                    Filesize

                                                    4KB

                                                    Download

                                                  • memory/560-171-0x0000000074CD0000-0x0000000075480000-memory.dmp

                                                    Filesize

                                                    7.7MB

                                                    Download

                                                  • memory/560-166-0x0000000005460000-0x0000000005A04000-memory.dmp

                                                    Filesize

                                                    5.6MB

                                                    Download

                                                  • memory/560-165-0x0000000000510000-0x0000000000572000-memory.dmp

                                                    Filesize

                                                    392KB

                                                    Download

                                                  • memory/2124-170-0x0000000000400000-0x0000000000459000-memory.dmp

                                                    Filesize

                                                    356KB

                                                    Download

                                                  • memory/2124-168-0x0000000000400000-0x0000000000459000-memory.dmp

                                                    Filesize

                                                    356KB

                                                    Download

                                                  • memory/2124-172-0x0000000000400000-0x0000000000459000-memory.dmp

                                                    Filesize

                                                    356KB

                                                    Download