latrodectus | 4a5ad2ac55adc278ff825ea46d4f89065084f6735c96d1ed30e183d2caca9ed7

Analysis

max time kernel
56s
max time network
58s
platform
windows10-2004_x64
resource
win10v2004-20250313-en
resource tags

arch:x64arch:x86image:win10v2004-20250313-enlocale:en-usos:windows10-2004-x64system
submitted
14/03/2025, 08:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

♦•Rèady•Fîlè•PassW0rd•Is•♦11148•.7z
Size

8.0MB
MD5

5658f6a118b93d6739fb6f5e7efd9d81
SHA1

4a5bfbf68b0b464fa5702b23df7808eab7515291
SHA256

b49e1e47ae0a7ccee75280b0d13405811dd343b6b619e20cb33eee80e16aa3f2
SHA512

4100da7b792662e224244e36325152706b9599092b0a1cb23a6d6fec931a0a89729e8065e5e4d89b98454d43f052a54f6d0fa37acced287521e020c8ea8f985d
SSDEEP

196608:Lr3VkNhAwfYGVfk/toNrjLtTpQhCv5VkAd7jyZvW0eW50YnYt:LZkYvGVfmarj5Tb8mjyZvPN51m

Score

10^/10

latrodectus lumma discovery loader spyware stealer

Malware Config

Extracted

Family

lumma

https://hingehjan.shop/api

https://featureccus.shop/api

https://wmrodularmall.top/api

https://jowinjoinery.icu/api

https://legenassedk.top/api

https://htardwarehu.icu/api

https://2cjlaspcorne.icu/api

https://bugildbett.top/api

https://6latchclan.shop/api

Extracted

Family

latrodectus

Version

1.4

https://remustarofilac.com/test/

https://horetimodual.com/test/

Attributes

group
Ferrary
user_agent
Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Tob 1.1)

aes.hex

Signatures

Latrodectus family
latrodectus
Latrodectus loader
Latrodectus is a loader written in C++.
loader latrodectus
Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Downloads MZ/PE file 2 IoCs

flow	pid	Process
17	6040	svchost.exe
30	2252	svchost.exe

Executes dropped EXE 3 IoCs

pid	Process
5372	Setup.exe
5228	Setup.exe
1824	Setup.exe

Loads dropped DLL 27 IoCs

pid	Process
5372	Setup.exe
5372	Setup.exe
5372	Setup.exe
5372	Setup.exe
5372	Setup.exe
5372	Setup.exe
5372	Setup.exe
5372	Setup.exe
5228	Setup.exe
5228	Setup.exe
5228	Setup.exe
5228	Setup.exe
5228	Setup.exe
5228	Setup.exe
5228	Setup.exe
5228	Setup.exe
1376	rundll32.exe
544	rundll32.exe
5384	rundll32.exe
1824	Setup.exe
1824	Setup.exe
1824	Setup.exe
1824	Setup.exe
1824	Setup.exe
1824	Setup.exe
1824	Setup.exe
1824	Setup.exe

Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 5372 set thread context of 2380	5372	Setup.exe	85
PID 1824 set thread context of 3212	1824	Setup.exe	95

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
5372	Setup.exe
5372	Setup.exe
2380	more.com
2380	more.com
6040	svchost.exe
6040	svchost.exe
6040	svchost.exe
6040	svchost.exe
5228	Setup.exe
6040	svchost.exe
6040	svchost.exe
6040	svchost.exe
6040	svchost.exe
1824	Setup.exe
1824	Setup.exe
3212	more.com
3212	more.com
2252	svchost.exe
2252	svchost.exe
2252	svchost.exe
2252	svchost.exe
2252	svchost.exe
2252	svchost.exe
2252	svchost.exe
2252	svchost.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4436	7zFM.exe

Suspicious behavior: MapViewOfSection 4 IoCs

pid	Process
5372	Setup.exe
2380	more.com
1824	Setup.exe
3212	more.com

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeRestorePrivilege	4436	7zFM.exe
Token: 35	4436	7zFM.exe
Token: SeSecurityPrivilege	4436	7zFM.exe
Token: SeImpersonatePrivilege	6040	svchost.exe
Token: SeImpersonatePrivilege	6040	svchost.exe
Token: SeImpersonatePrivilege	2252	svchost.exe
Token: SeImpersonatePrivilege	2252	svchost.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4436	7zFM.exe
4436	7zFM.exe
4436	7zFM.exe

Suspicious use of WriteProcessMemory 25 IoCs

description	pid	Process	procid_target
PID 5372 wrote to memory of 2380	5372	Setup.exe	85
PID 5372 wrote to memory of 2380	5372	Setup.exe	85
PID 5372 wrote to memory of 2380	5372	Setup.exe	85
PID 5372 wrote to memory of 2380	5372	Setup.exe	85
PID 2380 wrote to memory of 6040	2380	more.com	87
PID 2380 wrote to memory of 6040	2380	more.com	87
PID 2380 wrote to memory of 6040	2380	more.com	87
PID 2380 wrote to memory of 6040	2380	more.com	87
PID 2380 wrote to memory of 6040	2380	more.com	87
PID 6040 wrote to memory of 1376	6040	svchost.exe	91
PID 6040 wrote to memory of 1376	6040	svchost.exe	91
PID 6040 wrote to memory of 1376	6040	svchost.exe	91
PID 1376 wrote to memory of 544	1376	rundll32.exe	92
PID 1376 wrote to memory of 544	1376	rundll32.exe	92
PID 544 wrote to memory of 5384	544	rundll32.exe	93
PID 544 wrote to memory of 5384	544	rundll32.exe	93
PID 1824 wrote to memory of 3212	1824	Setup.exe	95
PID 1824 wrote to memory of 3212	1824	Setup.exe	95
PID 1824 wrote to memory of 3212	1824	Setup.exe	95
PID 1824 wrote to memory of 3212	1824	Setup.exe	95
PID 3212 wrote to memory of 2252	3212	more.com	97
PID 3212 wrote to memory of 2252	3212	more.com	97
PID 3212 wrote to memory of 2252	3212	more.com	97
PID 3212 wrote to memory of 2252	3212	more.com	97
PID 3212 wrote to memory of 2252	3212	more.com	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\♦•Rèady•Fîlè•PassW0rd•Is•♦11148•.7z"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4436

C:\Users\Admin\Desktop\Setup.exe
"C:\Users\Admin\Desktop\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:5372
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:2380
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    3⤵
    - Downloads MZ/PE file
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:6040
  - - C:\Windows\SysWOW64\rundll32.exe
      rundll32 "C:\Users\Admin\AppData\Local\Temp\93J7QVSU2QBZPCZGV06EX.dll",Editor
      4⤵
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:1376
    - - C:\Windows\system32\rundll32.exe
        
        rundll32 "C:\Users\Admin\AppData\Local\Temp\93J7QVSU2QBZPCZGV06EX.dll",Editor
        5⤵
        Loads dropped DLL
        Suspicious use of WriteProcessMemory
        
        PID:544
      - C:\Windows\system32\rundll32.exe
        
        rundll32.exe "C:\Users\Admin\AppData\Roaming\Custom_update\Update_1168b247.dll", Editor
        6⤵
        Loads dropped DLL
        
        PID:5384

C:\Users\Admin\Desktop\Setup.exe
"C:\Users\Admin\Desktop\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5228

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1192

C:\Users\Admin\Desktop\Setup.exe
"C:\Users\Admin\Desktop\Setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
- Suspicious use of WriteProcessMemory
PID:1824
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  - Suspicious use of WriteProcessMemory
  PID:3212
- - C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    3⤵
    - Downloads MZ/PE file
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:2252

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\5b7ffa83

Filesize
1.1MB

MD5
befd2068c7b84d164fae74547f75a8e1

SHA1
4248de5904dd5afd1f127434696a0674ea77cb53

SHA256
9ce9359ce96453742739483bbd02f2cba2d9cb160e8aab64871ec62ea4ebee56

SHA512
548238557857aaee38211ea55843db391bcf7bc16b8846cf94ea3c5fb5f653aaf67b73ca763ca9e0f5d94cca129e6abf71db8bd438d3101a22c427e012fa1646

Download Submit
C:\Users\Admin\AppData\Local\Temp\93J7QVSU2QBZPCZGV06EX.dll

Filesize
1.8MB

MD5
56f403ded2a31f25592afcc131cf378a

SHA1
3d7c8aa50ecc650ba161234272c532ec1d502145

SHA256
5e9b53207cb53c38217fb443e9a84c0fa745fa7fc62ace3673a2c49c6e873749

SHA512
653abb63d0e35ecb214daa27bea025df11ed5bf03183cdf17dc1e492e41831fbb99efaf921be120b7d8740f8d5faad8c64511b3ab589d11b40d3ad5c66cc1289

Download Submit
C:\Users\Admin\AppData\Local\Temp\f95492fb

Filesize
1.1MB

MD5
998ccab28eaa3dacfdae1d7bf1fea5c1

SHA1
670e6a25b879a41e0a4ca178382159fe2fc81074

SHA256
355f027a9572b3d12d4c0adf978b9ff4b91f88030298348d8a3431b1a08507a5

SHA512
1ad955829270b821d6e45c4c9bb1e63ff718dd6b11bfb24f38c711900e880d2e3b22e1637602556898acafd11b982bfbdec3423fcff9d7d39752237f7e432e83

Download Submit
C:\Users\Admin\Desktop\Comn.dll

Filesize
349KB

MD5
f76f5a566cbb5f561d26e7aca841c723

SHA1
4838fd2dd9dbfcdaf2b1f11091f15a17f93c29be

SHA256
0576fc3b0c9381c47a8a9443abdd195eebb34ece0adc5c6d17624ca0e914e8e3

SHA512
9f574f09a4c54b8e786846297fcfad7af647eb134d8e960b078a83e982ccae2956aa6c4c1014c01c7774461e31314904cb6dfc325c7a90c3e31130838beb24c0

Download Submit
C:\Users\Admin\Desktop\Data\DisplayLanguageNames.hr.txt

Filesize
32KB

MD5
9770af8f7f17be5cd9e382c21b1d45d4

SHA1
510f330d137e77b1f1cae30b2862f2202c0bed87

SHA256
ad651b49484e5bafe951e1008f3c526e5f2cf7d7ca66f40ceda2922fc7e26035

SHA512
54949b063934c20cfc0f451efcffd864b613e253a5949021888607708c769045a6aae6f66c4c727a6fa13fac043de378c8b1ce2c0c27f0dd2860874abace7fd5

Download Submit
C:\Users\Admin\Desktop\Data\ascii.txt

Filesize
1KB

MD5
07ed7491eaeb2827fc43db885613e762

SHA1
7ac5fd487153addb79f97a4ad0521009f6b0c07c

SHA256
3a3b8f9b73f2192eb1898167363ba65a064b9db611a98abd2f274686f69f8440

SHA512
adbcb566296b9a493defb23c28091dcbfbeddc7708aa595f9ac98782149bda374ff1db376d3c0c03af12458c80fb614c9cccf79cb92e6bd744de9286f24fc944

Download Submit
C:\Users\Admin\Desktop\Data\mod_get_ambiguous_import.txt

Filesize
1KB

MD5
0663cb6d365a509905989f9456f63b69

SHA1
2f55ce4842ffd86a91f266487688cc1e7bd1764e

SHA256
0cb2a2d5116f1ce2227be2f09cb374811dc2d766def2e33fe9c4818bbf3ec3c0

SHA512
c7e1fc9231b60429816a2ffbacd7a99e2679bc77ce7d3a6c127347d471ab52f06ce86765bae5ad3f18ac1bf0192a33cd79a0fc4db4b127e2123ec251b2654cca

Download Submit
C:\Users\Admin\Desktop\Data\namedcolors.txt

Filesize
5KB

MD5
82dff2672115d101cd47a8fa9b6abeda

SHA1
0e8e7fc2f191760c51dbeafa0fc32445a7374cff

SHA256
505ccfd91dc952c3373672526e966ddcdca9d5f2dfbf84b8c8adb7bcd1ab8e76

SHA512
aa73bbff14fea511ef6a910368b7a842df740794bd0e1b30da0a76eaaf6f43ff801e02ed743807de9e8c955e6d35c1709c98113b4d92ddbb6febc33c0b2631d4

Download Submit
C:\Users\Admin\Desktop\QtCore4.dll

Filesize
2.3MB

MD5
03985b7b207e63b6bb894ea6ea78d92b

SHA1
0e6fc44b1f3c724e6050152d9e240a548314a6ff

SHA256
793153a9262e4c280a71ea595fe49208a89766d6d344766af0abf8c32648f3e0

SHA512
a2e9749c7d7c9745eb16b6976c6c208b3ce2ee524e958cf7c41d0d31a7fb761c4f66ad8320301c652ef4ea8128111ad9687e64f3944d40b933153d99ab8c272b

Download Submit
C:\Users\Admin\Desktop\QtGui4.dll

Filesize
8.2MB

MD5
7762990562f96b0650da3c55e3329efa

SHA1
feac520d4484a377ff4e183bfef4f6a843e3a977

SHA256
8c11f38ceb7b2a8ba3b7d6a34a1d50ede35bf328838cf1d8483ebc85313b5ed0

SHA512
4921c40ac1b4202185a8a712fd8375cb9653df411a0124c7b3225c423bae0de37713107e7068d7b3fb7150af3e1d754565694dec76ef5853c020088af61a634a

Download Submit
C:\Users\Admin\Desktop\QtNetwork4.dll

Filesize
825KB

MD5
a3c0c0b1442cdc0a2f49c2b2ae39d245

SHA1
6aff3d64e06955fb9ad4b19c394dcfdc212b423a

SHA256
901fc44992636086f2bc958aa3bdbe2d9ac3e169fc11e0f9d92d235cc906a35a

SHA512
b4bb0196ab8a960206b7f1d082eb7d94a408345a2887694d17186f3a2581e9263ddd43d099f2493ee8789ab5ebabac911ba54c069e517cfc479461b1a7bb4f20

Download Submit
C:\Users\Admin\Desktop\Setup.exe

Filesize
341KB

MD5
7700f61beca60db53658c52a05b01941

SHA1
983f920ffec60b308c02cc07e0abf465c8ba965a

SHA256
7e6b2664f4417f5a8f981ced5f2eef867cb72bca990fe3864d76d878ff62cf52

SHA512
33e68f2b2440079a75523f69d55ebeb175f1448731d28ba1a120729df3e1612231903c5a9872ab673d629e865f60550bec52d7004417f0305e412724dc8011d4

Download Submit
C:\Users\Admin\Desktop\libcrypto-1_1.dll

Filesize
2.2MB

MD5
832205883448ab8c689d8a434d92f80b

SHA1
890c403a288c65683edbe9917b972ceb6eb7eba7

SHA256
558addae67d50612acd60a02fb29d41be61999d299348df9a225e419cc9395ed

SHA512
0c1b8b3776c14b78f9b7ac09627ca7762f62c63da489204f376519752b029951798c1ed24aed07cc660c5e54936c06560fda921e33a76e80ebab10ef97177973

Download Submit
C:\Users\Admin\Desktop\libssl-1_1.dll

Filesize
641KB

MD5
cdbf8cd36924ffb81b19487746f7f18e

SHA1
781190c5a979359054ce56ceef714a8f5384cfbb

SHA256
0813c77df688b39f26bad0be2b3e4afde13e97d9a1ebcbdb3b1f4184218d1a57

SHA512
ca43450e853b3c74808ad199abe329ac2a2d7ae2e84c17fb467374c22ec9620fb102c75889e279e2d28f0ebd14d8bafafe700241ba4141fd64b4801802a3d474

Download Submit
C:\Users\Admin\Desktop\mam.dmg

Filesize
931KB

MD5
ee7926dda58f07906747bc936724aea7

SHA1
5133bbb7df2e07443d7c6521e878366ae115e28c

SHA256
fb617ba0ec74d3e258caa81f90160cad38b6127108adcd1a1ea08d1c95a2d1e6

SHA512
4ce28ba95b0de21f3baedb66a63b44bdfc540350855752d94c84ccb63f138035b0352725c9c744aa64d19dcdbf794afe69712b7ca49e67476378a60829aecd7c

Download Submit
C:\Users\Admin\Desktop\msvcp80.dll

Filesize
536KB

MD5
272a9e637adcaf30b34ea184f4852836

SHA1
6de8a52a565f813f8ac7362e0c8ba334b680f8f8

SHA256
35b15b78c31111db4fa11d9c9cad3a6f22c92daa5e6f069dc455e72073266cc4

SHA512
f1f04a84d25a74bb1cf6285ef705f092a08e93d39df569f6badc45b8722d496bbbef02b4e19f76a0332e3842945506c2c12ad61fe34f339bb91f49b8d112cd52

Download Submit
C:\Users\Admin\Desktop\msvcr80.dll

Filesize
612KB

MD5
43143abb001d4211fab627c136124a44

SHA1
edb99760ae04bfe68aaacf34eb0287a3c10ec885

SHA256
cb8928ff2faf2921b1eddc267dce1bb64e6fee4d15b68cd32588e0f3be116b03

SHA512
ced96ca5d1e2573dbf21875cf98a8fcb86b5bcdca4c041680a9cb87374378e04835f02ab569d5243608c68feb2e9b30ffe39feb598f5081261a57d1ce97556a6

Download Submit
C:\Users\Admin\Desktop\wellbeloved.dbf

Filesize
25KB

MD5
6151d95a66c763f2ae00c6e8928a4826

SHA1
858f4c3e3f848c4832b8776b1166170623404982

SHA256
fa216c845e5dd3d89bf6cd128f617ea7a51d092ac5ca1bc26c964b83fcf06592

SHA512
fbf1cb4cca5fb534ea3a64bb261cd729f211dc7b16ccc67c5804d41634be56e159f48885d2f9ca227641e921e6e8e71b643e631e6a5e80f7dddde8ddac40f66c

Download Submit
C:\Users\Admin\Desktop\x64\mb_output_handler_pass.phpt

Filesize
456B

MD5
4eb9bf26e77653187898d2b0a95a6558

SHA1
a30418f1ef539b0ad19c04a2022c7ff5cc5416d5

SHA256
7c0fde63c907746a561d2a4d3346687eea2b3e2a4a88f9ff7931958721eb5f31

SHA512
b1e22138484b6c3d62d2a2f5d5df0f4743df5c77c3abdf12477309ab8df6b4497d34425c8a84078f1d8af1b8a206d5c049ab565b8a96725d889a9203186eeee0

Download Submit
memory/544-280-0x0000000180000000-0x0000000181CB2000-memory.dmp

Filesize
28.7MB

Download
memory/544-287-0x00007FFAE4DB0000-0x00007FFAE4F83000-memory.dmp

Filesize
1.8MB

Download
memory/1824-330-0x0000000074100000-0x000000007427B000-memory.dmp

Filesize
1.5MB

Download
memory/1824-307-0x0000000002020000-0x000000000225D000-memory.dmp

Filesize
2.2MB

Download
memory/1824-304-0x00000000006C0000-0x000000000075E000-memory.dmp

Filesize
632KB

Download
memory/1824-308-0x0000000074100000-0x000000007427B000-memory.dmp

Filesize
1.5MB

Download
memory/1824-309-0x00007FFB029F0000-0x00007FFB02BE5000-memory.dmp

Filesize
2.0MB

Download
memory/2252-338-0x0000000000E30000-0x0000000000EAE000-memory.dmp

Filesize
504KB

Download
memory/2252-339-0x00007FFB029F0000-0x00007FFB02BE5000-memory.dmp

Filesize
2.0MB

Download
memory/2380-248-0x00007FFB029F0000-0x00007FFB02BE5000-memory.dmp

Filesize
2.0MB

Download
memory/2380-247-0x0000000074100000-0x000000007427B000-memory.dmp

Filesize
1.5MB

Download
memory/2380-254-0x0000000074100000-0x000000007427B000-memory.dmp

Filesize
1.5MB

Download
memory/2380-250-0x0000000074100000-0x000000007427B000-memory.dmp

Filesize
1.5MB

Download
memory/2380-249-0x0000000074100000-0x000000007427B000-memory.dmp

Filesize
1.5MB

Download
memory/3212-333-0x00007FFB029F0000-0x00007FFB02BE5000-memory.dmp

Filesize
2.0MB

Download
memory/5228-273-0x00007FFB029F0000-0x00007FFB02BE5000-memory.dmp

Filesize
2.0MB

Download
memory/5228-268-0x0000000074100000-0x000000007427B000-memory.dmp

Filesize
1.5MB

Download
memory/5228-264-0x00000000005B0000-0x000000000064E000-memory.dmp

Filesize
632KB

Download
memory/5228-267-0x00000000021C0000-0x00000000023FD000-memory.dmp

Filesize
2.2MB

Download
memory/5372-228-0x0000000074100000-0x000000007427B000-memory.dmp

Filesize
1.5MB

Download
memory/5372-244-0x0000000074100000-0x000000007427B000-memory.dmp

Filesize
1.5MB

Download
memory/5372-243-0x0000000074100000-0x000000007427B000-memory.dmp

Filesize
1.5MB

Download
memory/5372-242-0x0000000074113000-0x0000000074115000-memory.dmp

Filesize
8KB

Download
memory/5372-229-0x00007FFB029F0000-0x00007FFB02BE5000-memory.dmp

Filesize
2.0MB

Download
memory/5372-225-0x00000000022E0000-0x000000000251D000-memory.dmp

Filesize
2.2MB

Download
memory/5372-221-0x0000000002240000-0x00000000022DE000-memory.dmp

Filesize
632KB

Download
memory/6040-255-0x00007FFB029F0000-0x00007FFB02BE5000-memory.dmp

Filesize
2.0MB

Download
memory/6040-279-0x0000000000770000-0x000000000077E000-memory.dmp

Filesize
56KB

Download
memory/6040-278-0x0000000000590000-0x000000000060E000-memory.dmp

Filesize
504KB

Download