Analysis

  • max time kernel
    148s
  • max time network
    141s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20240611-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02-07-2024 14:39

General

  • Target

    EaseUS Data Recovery Wizard Crack (SileCrack).exe

  • Size

    5.1MB

  • MD5

    c13127f97d08d608b829c5a5ac8a26ae

  • SHA1

    e420560091ecae1aff6eb0da906d4b3173f78f65

  • SHA256

    4727831057d964540e10b26e564a8106b5d135647b95cf1f52008ae078e65686

  • SHA512

    c0d5b234089a3ea19038025508e65998f66313284c87aba3988bd026522c84697dc2dc3e132da7812a06d5d89c5597d6d14a7389b88f196637fec34750e75d44

  • SSDEEP

    98304:ysu9jR+khQvUjPjXrOkxoQhFXY2IAde4qshPJ80yRLZKkAU:ybjskesjvNVhFXUAA1shPJ80SwU

Score
10/10

Malware Config

Extracted

Family

lumma

C2

https://potterryisiw.shop/api

https://foodypannyjsud.shop/api

https://contintnetksows.shop/api

https://reinforcedirectorywd.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 3 IoCs
  • Loads dropped DLL 4 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Suspicious use of SetThreadContext 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 17 IoCs
  • Suspicious behavior: MapViewOfSection 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of FindShellTrayWindow 25 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\EaseUS Data Recovery Wizard Crack (SileCrack).exe
    "C:\Users\Admin\AppData\Local\Temp\EaseUS Data Recovery Wizard Crack (SileCrack).exe"
    1⤵
    • Checks computer location settings
    • Suspicious use of WriteProcessMemory
    PID:3020
    • C:\Users\Admin\AppData\Local\Temp\RarSFX0\VSJOOABU.exe
      "C:\Users\Admin\AppData\Local\Temp\RarSFX0\VSJOOABU.exe"
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:4052
      • C:\Users\Admin\Mp3tag.exe
        "C:\Users\Admin\Mp3tag.exe"
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of WriteProcessMemory
        PID:1196
        • C:\Users\Admin\AppData\Roaming\Toolscan\Mp3tag.exe
          C:\Users\Admin\AppData\Roaming\Toolscan\Mp3tag.exe
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetThreadContext
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious behavior: MapViewOfSection
          • Suspicious use of WriteProcessMemory
          PID:3728
          • C:\Windows\SysWOW64\cmd.exe
            C:\Windows\SysWOW64\cmd.exe
            5⤵
            • Suspicious behavior: EnumeratesProcesses
            • Suspicious behavior: MapViewOfSection
            PID:4812
            • C:\Windows\SysWOW64\explorer.exe
              C:\Windows\SysWOW64\explorer.exe
              6⤵
                PID:5760
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://iplogger.com/1lNic
        2⤵
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1540
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcf96046f8,0x7ffcf9604708,0x7ffcf9604718
          3⤵
            PID:5068
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
            3⤵
              PID:3048
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
              3⤵
              • Suspicious behavior: EnumeratesProcesses
              PID:4668
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2772 /prefetch:8
              3⤵
                PID:1016
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2124 /prefetch:1
                3⤵
                  PID:3904
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
                  3⤵
                    PID:548
                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
                    3⤵
                      PID:4324
                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5216 /prefetch:8
                      3⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:432
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4688 /prefetch:1
                      3⤵
                        PID:5148
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
                        3⤵
                          PID:5156
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
                          3⤵
                            PID:5444
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
                            3⤵
                              PID:5456
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10390772749049586321,9034901017134549797,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1956 /prefetch:2
                              3⤵
                              • Suspicious behavior: EnumeratesProcesses
                              PID:5348
                        • C:\Windows\System32\CompPkgSrv.exe
                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                          1⤵
                            PID:440
                          • C:\Windows\System32\CompPkgSrv.exe
                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                            1⤵
                              PID:2900

Network

MITRE ATT&CK Matrix ATT&CK v13

Discovery

  • Query Registry
    2
    T1012

  • System Information Discovery
    3
    T1082

Command and Control

  • Web Service
    1
    T1102

Downloads

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
    Filesize: 152B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
    Filesize: 180B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 5KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
    Filesize: 6KB

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
    Filesize: 16B

  • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
    Filesize: 11KB

  • C:\Users\Admin\AppData\Local\Temp\8e94a9a0
    Filesize: 1.0MB

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\VSJOOABU.exe
    Filesize: 5.0MB

  • C:\Users\Admin\AppData\Local\Temp\RarSFX0\sile.url
    Filesize: 116B

  • C:\Users\Admin\Mp3tag.exe
    Filesize: 12.0MB

  • C:\Users\Admin\dessertspoonful.txt
    Filesize: 901KB

  • C:\Users\Admin\tak_deco_lib.dll
    Filesize: 315KB

  • C:\Users\Admin\viceconsulate.psd
    Filesize: 81KB

  • \??\pipe\LOCAL\crashpad_1540_YETJPTKSLJOMHIWE

  • memory/1196-49-0x00000000004D0000-0x000000000052E000-memory.dmp
    Filesize: 376KB

  • memory/1196-52-0x00007FFCF9A60000-0x00007FFCF9BD2000-memory.dmp
    Filesize: 1.4MB

  • memory/1196-66-0x00000000004D0000-0x000000000052E000-memory.dmp
    Filesize: 376KB

  • memory/3728-104-0x00000000007F0000-0x000000000084E000-memory.dmp
    Filesize: 376KB

  • memory/3728-102-0x00007FFCF9E40000-0x00007FFCF9FB2000-memory.dmp
    Filesize: 1.4MB

  • memory/3728-70-0x00007FFCF9E40000-0x00007FFCF9FB2000-memory.dmp
    Filesize: 1.4MB

  • memory/3728-64-0x00000000007F0000-0x000000000084E000-memory.dmp
    Filesize: 376KB

  • memory/4812-113-0x00007FFD17AF0000-0x00007FFD17CE5000-memory.dmp
    Filesize: 2.0MB

  • memory/4812-130-0x0000000073790000-0x000000007390B000-memory.dmp
    Filesize: 1.5MB

  • memory/5760-141-0x00007FFD17AF0000-0x00007FFD17CE5000-memory.dmp
    Filesize: 2.0MB

  • memory/5760-142-0x0000000001000000-0x000000000105C000-memory.dmp
    Filesize: 368KB

  • memory/5760-145-0x0000000001000000-0x000000000105C000-memory.dmp
    Filesize: 368KB