Overview

overview

10

Static

static

7

Loaderldsaldls.exe

windows10-1703-x64

10

⌚/output.exe

windows10-1703-x64

⌚/output2.exe

windows10-1703-x64

Source/QtG...re.dll

windows10-1703-x64

1

Source/QtG...lur.js

windows10-1703-x64

3

Source/QtQ...yle.js

windows10-1703-x64

3

Source/QtQ...yle.js

windows10-1703-x64

3

Source/QtQ...yle.js

windows10-1703-x64

3

Source/QtQ...yle.js

windows10-1703-x64

3

Source/QtQ...yle.js

windows10-1703-x64

3

Source/QtQ...yle.js

windows10-1703-x64

4

Source/QtQ...in.dll

windows10-1703-x64

1

Source/QtQ...iew.js

windows10-1703-x64

3

Source/QtQ...iew.js

windows10-1703-x64

3

Source/QtQ...umn.js

windows10-1703-x64

3

Source/QtQ...rea.js

windows10-1703-x64

3

Source/QtQ...iew.js

windows10-1703-x64

3

Source/QtQ...in.dll

windows10-1703-x64

1

Source/QtQ...in.dll

windows10-1703-x64

1

Source/QtQ...in.dll

windows10-1703-x64

1

Source/QtQ...in.dll

windows10-1703-x64

1

Source/QtW...in.dll

windows10-1703-x64

1

Source/QtW...as.dll

windows10-1703-x64

1

Source/aud...pi.dll

windows10-1703-x64

1

Source/aud...ws.dll

windows10-1703-x64

1

Source/ima...if.dll

windows10-1703-x64

1

Source/ima...co.dll

windows10-1703-x64

1

Source/ima...eg.dll

windows10-1703-x64

1

Source/ima...vg.dll

windows10-1703-x64

1

Source/ima...bp.dll

windows10-1703-x64

1

Source/pla...ws.dll

windows10-1703-x64

1

Source/sty...le.dll

windows10-1703-x64

1

Analysis

  • max time kernel
    306s
  • max time network
    326s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    30-06-2024 23:36

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Loaderldsaldls.exe

  • Size

    667.6MB

  • MD5

    4d7ef45e0306a1affb7bf13a8d4df52a

  • SHA1

    b61beea3033558114e5a158742b2e54a46ee432a

  • SHA256

    55c958d034353bdcb6de3ac799e3df870ab56e8aef1cfb215ed853f178ad11c5

  • SHA512

    7200fcc6d431a148aa683b4f2e4cbfe07a66ed260685ef12ecee5fecd1d7e48c51e6e822f47e4e9921cac5422a30aa8933a956991e00425f1a797fd4d26e5f6a

  • SSDEEP

    98304:pojXoXU7jjY7cYq5uGfUTHrZ2UZX40Dp+nShHhFuyWf2+UX50aV+K6d+GV/F:pU6Sjc796e1B4+/VXuyM2TX2+6oq

Score
10/10
lummaxmrigevasionexecutionminerpersistencestealerthemidatrojanupx

Malware Config

Extracted

Family

lumma

C2

https://piedsiggnycliquieaw.shop/api

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • xmrig

    XMRig is a high performance, open source, cross platform CPU/GPU miner.

    minerxmrig
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 2 IoCs
    evasion
  • XMRig Miner payload 32 IoCs
    miner
  • Command and Scripting Interpreter: PowerShell 1 TTPs 2 IoCs

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution
  • Creates new service(s) 2 TTPs
    persistenceexecution
  • Stops running service(s) 4 TTPs
    evasionexecution
  • Checks BIOS information in registry 2 TTPs 4 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Executes dropped EXE 3 IoCs
  • Themida packer 11 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • UPX packed file 37 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks whether UAC is enabled 1 TTPs 2 IoCs
    evasiontrojan
  • Power Settings 1 TTPs 8 IoCs

    powercfg controls all configurable power system settings on a Windows system and can be abused to prevent an infected host from locking or shutting down.

    persistence
  • Drops file in System32 directory 4 IoCs
  • Suspicious use of SetThreadContext 3 IoCs
  • Drops file in Windows directory 6 IoCs
  • Launches sc.exe 14 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 1 IoCs
  • Checks SCSI registry key(s) 3 TTPs 9 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 47 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of WriteProcessMemory 37 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Loaderldsaldls.exe
    "C:\Users\Admin\AppData\Local\Temp\Loaderldsaldls.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4388
    • C:\Users\Admin\AppData\Roaming\output.exe
      C:\Users\Admin\AppData\Roaming\output.exe
      2⤵
      • Identifies VirtualBox via ACPI registry values (likely anti-VM)
      • Checks BIOS information in registry
      • Executes dropped EXE
      • Checks whether UAC is enabled
      • Drops file in System32 directory
      • Suspicious behavior: EnumeratesProcesses
      PID:1912
      • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
        C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
        3⤵
        • Command and Scripting Interpreter: PowerShell
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:1348
      • C:\Windows\system32\cmd.exe
        C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
        3⤵
        • Suspicious use of WriteProcessMemory
        PID:3108
        • C:\Windows\system32\wusa.exe
          wusa /uninstall /kb:890830 /quiet /norestart
          4⤵
            PID:2268
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop UsoSvc
          3⤵
          • Launches sc.exe
          PID:1704
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop WaaSMedicSvc
          3⤵
          • Launches sc.exe
          PID:2324
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop wuauserv
          3⤵
          • Launches sc.exe
          PID:648
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop bits
          3⤵
          • Launches sc.exe
          PID:2912
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop dosvc
          3⤵
          • Launches sc.exe
          PID:4728
        • C:\Windows\system32\powercfg.exe
          C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
          3⤵
          • Power Settings
          • Suspicious use of AdjustPrivilegeToken
          PID:3044
        • C:\Windows\system32\powercfg.exe
          C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
          3⤵
          • Power Settings
          • Suspicious use of AdjustPrivilegeToken
          PID:3588
        • C:\Windows\system32\powercfg.exe
          C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
          3⤵
          • Power Settings
          • Suspicious use of AdjustPrivilegeToken
          PID:3032
        • C:\Windows\system32\powercfg.exe
          C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
          3⤵
          • Power Settings
          • Suspicious use of AdjustPrivilegeToken
          PID:4068
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe delete "ZGeniusCalc"
          3⤵
          • Launches sc.exe
          PID:2260
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe create "ZGeniusCalc" binpath= "C:\ProgramData\GeniusCalc\update.exe" start= "auto"
          3⤵
          • Launches sc.exe
          PID:1092
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe stop eventlog
          3⤵
          • Launches sc.exe
          PID:4896
        • C:\Windows\system32\sc.exe
          C:\Windows\system32\sc.exe start "ZGeniusCalc"
          3⤵
          • Launches sc.exe
          PID:1512
        • C:\Windows\system32\cmd.exe
          C:\Windows\system32\cmd.exe /c choice /C Y /N /D Y /T 3 & Del "C:\Users\Admin\AppData\Roaming\output.exe"
          3⤵
          • Suspicious use of WriteProcessMemory
          PID:4212
          • C:\Windows\system32\choice.exe
            choice /C Y /N /D Y /T 3
            4⤵
              PID:2436
        • C:\Users\Admin\AppData\Roaming\output2.exe
          C:\Users\Admin\AppData\Roaming\output2.exe
          2⤵
          • Executes dropped EXE
          • Suspicious use of SetThreadContext
          • Suspicious use of WriteProcessMemory
          PID:344
          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
            3⤵
              PID:1564
            • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
              "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
              3⤵
                PID:4856
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 344 -s 328
                3⤵
                • Program crash
                PID:2136
          • C:\ProgramData\GeniusCalc\update.exe
            C:\ProgramData\GeniusCalc\update.exe
            1⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Checks whether UAC is enabled
            • Drops file in System32 directory
            • Suspicious use of SetThreadContext
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious use of WriteProcessMemory
            PID:504
            • C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe
              C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe Add-MpPreference -ExclusionPath @($env:UserProfile, $env:ProgramData) -ExclusionExtension '.exe' -Force
              2⤵
              • Command and Scripting Interpreter: PowerShell
              • Drops file in System32 directory
              • Modifies data under HKEY_USERS
              • Suspicious behavior: EnumeratesProcesses
              • Suspicious use of AdjustPrivilegeToken
              PID:1876
            • C:\Windows\system32\cmd.exe
              C:\Windows\system32\cmd.exe /c wusa /uninstall /kb:890830 /quiet /norestart
              2⤵
              • Suspicious use of WriteProcessMemory
              PID:1324
              • C:\Windows\system32\wusa.exe
                wusa /uninstall /kb:890830 /quiet /norestart
                3⤵
                  PID:3588
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe stop UsoSvc
                2⤵
                • Launches sc.exe
                PID:2332
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe stop WaaSMedicSvc
                2⤵
                • Launches sc.exe
                PID:4208
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe stop wuauserv
                2⤵
                • Launches sc.exe
                PID:3428
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe stop bits
                2⤵
                • Launches sc.exe
                PID:1088
              • C:\Windows\system32\sc.exe
                C:\Windows\system32\sc.exe stop dosvc
                2⤵
                • Launches sc.exe
                PID:2968
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -hibernate-timeout-ac 0
                2⤵
                • Power Settings
                • Suspicious use of AdjustPrivilegeToken
                PID:1040
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -hibernate-timeout-dc 0
                2⤵
                • Power Settings
                • Suspicious use of AdjustPrivilegeToken
                PID:4204
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -standby-timeout-ac 0
                2⤵
                • Power Settings
                • Suspicious use of AdjustPrivilegeToken
                PID:8
              • C:\Windows\system32\powercfg.exe
                C:\Windows\system32\powercfg.exe /x -standby-timeout-dc 0
                2⤵
                • Power Settings
                • Suspicious use of AdjustPrivilegeToken
                PID:5092
              • C:\Windows\system32\conhost.exe
                C:\Windows\system32\conhost.exe
                2⤵
                  PID:4804
                • C:\Windows\system32\conhost.exe
                  conhost.exe
                  2⤵
                  • Suspicious behavior: EnumeratesProcesses
                  • Suspicious use of AdjustPrivilegeToken
                  PID:828
              • C:\Windows\system32\taskmgr.exe
                "C:\Windows\system32\taskmgr.exe" /0
                1⤵
                • Drops file in Windows directory
                • Checks SCSI registry key(s)
                • Checks processor information in registry
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: GetForegroundWindowSpam
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                PID:3708
              • C:\Windows\system32\taskmgr.exe
                "C:\Windows\system32\taskmgr.exe" /0
                1⤵
                • Drops file in Windows directory
                • Checks SCSI registry key(s)
                • Checks processor information in registry
                • Suspicious use of AdjustPrivilegeToken
                PID:3204
              • C:\Windows\system32\taskmgr.exe
                "C:\Windows\system32\taskmgr.exe" /0
                1⤵
                • Drops file in Windows directory
                • Checks SCSI registry key(s)
                • Suspicious use of AdjustPrivilegeToken
                PID:4728

              Network

              MITRE ATT&CK Matrix

              Replay Monitor

              Loading Replay Monitor...

              Downloads

              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\1601268389\715946058.pri
                Filesize

                171KB

                MD5

                30ec43ce86e297c1ee42df6209f5b18f

                SHA1

                fe0a5ea6566502081cb23b2f0e91a3ab166aeed6

                SHA256

                8ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4

                SHA512

                19e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae

                Download Submit
              • C:\Users\Admin\AppData\Local\Microsoft\Windows\PRICache\4183903823\2290032291.pri
                Filesize

                2KB

                MD5

                b8da5aac926bbaec818b15f56bb5d7f6

                SHA1

                2b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5

                SHA256

                5be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086

                SHA512

                c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436

                Download Submit
              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_icdjntbk.oan.ps1
                Filesize

                1B

                MD5

                c4ca4238a0b923820dcc509a6f75849b

                SHA1

                356a192b7913b04c54574d18c28d46e6395428ab

                SHA256

                6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

                SHA512

                4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

                Download Submit
              • memory/504-239-0x00007FF653A00000-0x00007FF6541CD000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/504-70-0x00007FF653A00000-0x00007FF6541CD000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/504-71-0x00007FF653A00000-0x00007FF6541CD000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/504-69-0x00007FF653A00000-0x00007FF6541CD000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/504-68-0x00007FF653A00000-0x00007FF6541CD000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/828-236-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-267-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-280-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-279-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-277-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-278-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-276-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-275-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-274-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-273-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-272-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-269-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-271-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-270-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-268-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-266-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-237-0x000001FD3AE00000-0x000001FD3AE20000-memory.dmp
                Filesize

                128KB

                Download
              • memory/828-235-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-234-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-241-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-243-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-240-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-263-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-233-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-232-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-230-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-262-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-244-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-242-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-231-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-261-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-260-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-259-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-258-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-252-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-255-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-256-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/828-257-0x0000000140000000-0x0000000140848000-memory.dmp
                Filesize

                8.3MB

                Download
              • memory/1348-18-0x0000024947890000-0x0000024947906000-memory.dmp
                Filesize

                472KB

                Download
              • memory/1348-58-0x00007FFB65DB0000-0x00007FFB6679C000-memory.dmp
                Filesize

                9.9MB

                Download
              • memory/1348-15-0x00007FFB65DB0000-0x00007FFB6679C000-memory.dmp
                Filesize

                9.9MB

                Download
              • memory/1348-14-0x00007FFB65DB0000-0x00007FFB6679C000-memory.dmp
                Filesize

                9.9MB

                Download
              • memory/1348-13-0x00000249475D0000-0x00000249475F2000-memory.dmp
                Filesize

                136KB

                Download
              • memory/1348-12-0x00007FFB65DB3000-0x00007FFB65DB4000-memory.dmp
                Filesize

                4KB

                Download
              • memory/1876-94-0x000001714FEA0000-0x000001714FEBC000-memory.dmp
                Filesize

                112KB

                Download
              • memory/1876-100-0x0000017150180000-0x0000017150239000-memory.dmp
                Filesize

                740KB

                Download
              • memory/1876-133-0x000001714FEC0000-0x000001714FECA000-memory.dmp
                Filesize

                40KB

                Download
              • memory/1912-6-0x00007FF682940000-0x00007FF68310D000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/1912-5-0x00007FF682940000-0x00007FF68310D000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/1912-52-0x00007FF682940000-0x00007FF68310D000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/1912-4-0x00007FF682940000-0x00007FF68310D000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/1912-7-0x00007FF682940000-0x00007FF68310D000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/1912-64-0x00007FF682940000-0x00007FF68310D000-memory.dmp
                Filesize

                7.8MB

                Download
              • memory/4804-226-0x0000000140000000-0x000000014000D000-memory.dmp
                Filesize

                52KB

                Download
              • memory/4804-222-0x0000000140000000-0x000000014000D000-memory.dmp
                Filesize

                52KB

                Download
              • memory/4804-225-0x0000000140000000-0x000000014000D000-memory.dmp
                Filesize

                52KB

                Download
              • memory/4804-223-0x0000000140000000-0x000000014000D000-memory.dmp
                Filesize

                52KB

                Download
              • memory/4804-224-0x0000000140000000-0x000000014000D000-memory.dmp
                Filesize

                52KB

                Download
              • memory/4804-229-0x0000000140000000-0x000000014000D000-memory.dmp
                Filesize

                52KB

                Download
              • memory/4856-65-0x0000000000400000-0x000000000045E000-memory.dmp
                Filesize

                376KB

                Download
              • memory/4856-63-0x0000000000400000-0x000000000045E000-memory.dmp
                Filesize

                376KB

                Download