lumma | e17bf83e09457d8cecd1f3e903fa4c9770e17e823731650a453bc479591ac511

Analysis

max time kernel
22s
max time network
22s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-11-2024 09:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

SmokeySpoofer.exe
Size

550KB
MD5

ee6be1648866b63fd7f860fa0114f368
SHA1

42cab62fff29eb98851b33986b637514fc904f4b
SHA256

e17bf83e09457d8cecd1f3e903fa4c9770e17e823731650a453bc479591ac511
SHA512

d6492d3b3c1d94d6c87b77a9a248e8c46b889d2e23938ddb8a8e242caccb23e8cd1a1fbeffee6b140cf6fd3ea7e8da89190286a912032ce4a671257bd8e3e28a
SSDEEP

12288:SQ5vTleU6iA6AiJ/uJxZjUXUxYcuORWETWOORGzbZr4QClJJRJAr6Ok:SQ5pexaALoXe4

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://covvercilverow.shop/api

https://surroundeocw.shop/api

https://abortinoiwiam.shop/api

https://pumpkinkwquo.shop/api

https://priooozekw.shop/api

https://deallyharvenw.shop/api

https://defenddsouneuw.shop/api

https://racedsuitreow.shop/api

https://roaddrermncomplai.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Loads dropped DLL 1 IoCs

Processes:

SmokeySpoofer.exe

pid	Process
1728	SmokeySpoofer.exe

Drops file in System32 directory 11 IoCs

Processes:

svchost.exe

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe

Suspicious use of SetThreadContext 1 IoCs

Processes:

SmokeySpoofer.exe

description	pid	Process	procid_target
PID 1728 set thread context of 3608	1728	SmokeySpoofer.exe	82

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

SmokeySpoofer.exeaspnet_regiis.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SmokeySpoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies registry class 1 IoCs

Processes:

mspaint.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

Processes:

mspaint.exechrome.exe

pid	Process
4676	mspaint.exe
4676	mspaint.exe
4240	chrome.exe
4240	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid	Process
3980	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

Processes:

chrome.exe

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe
Token: SeShutdownPrivilege	4240	chrome.exe
Token: SeCreatePagefilePrivilege	4240	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

chrome.exe

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	Process
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe
4240	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

mspaint.exeOpenWith.exe

pid	Process
4676	mspaint.exe
3980	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

SmokeySpoofer.exechrome.exe

description	pid	Process	procid_target
PID 1728 wrote to memory of 3608	1728	SmokeySpoofer.exe	82
PID 1728 wrote to memory of 3608	1728	SmokeySpoofer.exe	82
PID 1728 wrote to memory of 3608	1728	SmokeySpoofer.exe	82
PID 1728 wrote to memory of 3608	1728	SmokeySpoofer.exe	82
PID 1728 wrote to memory of 3608	1728	SmokeySpoofer.exe	82
PID 1728 wrote to memory of 3608	1728	SmokeySpoofer.exe	82
PID 1728 wrote to memory of 3608	1728	SmokeySpoofer.exe	82
PID 1728 wrote to memory of 3608	1728	SmokeySpoofer.exe	82
PID 1728 wrote to memory of 3608	1728	SmokeySpoofer.exe	82
PID 4240 wrote to memory of 1176	4240	chrome.exe	95
PID 4240 wrote to memory of 1176	4240	chrome.exe	95
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 2112	4240	chrome.exe	96
PID 4240 wrote to memory of 1964	4240	chrome.exe	97
PID 4240 wrote to memory of 1964	4240	chrome.exe	97
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98
PID 4240 wrote to memory of 3940	4240	chrome.exe	98

C:\Users\Admin\AppData\Local\Temp\SmokeySpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\SmokeySpoofer.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1728
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3608

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\ResizeJoin.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4676

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:4824

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe4d05cc40,0x7ffe4d05cc4c,0x7ffe4d05cc58
  2⤵
  PID:1176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1992,i,5526709472618476460,10299081542037604684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1980 /prefetch:2
  2⤵
  PID:2112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2020,i,5526709472618476460,10299081542037604684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2028 /prefetch:3
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1796,i,5526709472618476460,10299081542037604684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2324 /prefetch:8
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,5526709472618476460,10299081542037604684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,5526709472618476460,10299081542037604684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4600,i,5526709472618476460,10299081542037604684,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:2076

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2336

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
21af2d469dc8a3acf23e8f2c83e80dca

SHA1
076acff98ac6bc0dad50a05af700cc488ae7da82

SHA256
e4dff30dbc9092eea355eeba46d55513299f2cdda27b1b08a2914f0edc143083

SHA512
de2102817c5f2ca1bbc9f9fefc93aee04849543f8d9292518858da4403cd3d93b41769d73c2182034d69a49a313d8e18f132fa5929ee98b7ce8dda1e7a7f9132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
e1c658beeaee3fae76a38a3b2df8f999

SHA1
066f81c2354af180f3f439bd090a1672080b2c21

SHA256
abaddb5b4d7f67ae7ff4d18f74a292df7ea8c8ee32b5008bcde88e3ecfe79147

SHA512
5925779566d8f204b9d255e9f02df540e1dadcdeda91bff556b3ddea1e79733b191f1d022e99b59f6c6497a3b3cab9853eeab2898b372b97a3e300e475cd0577

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
855864ce93494634633874259c5183f3

SHA1
42a7dff8635edea4d78b4a404340a32bae593d6d

SHA256
0d1254f2c953440016343c4edeffaf0aef6298a17951860b5c2ce1a1f251c4ad

SHA512
d8870ec28cdde8e24aa669f19a15957308a10e7a599930804e4a464edcacf4f1f7945f5d743ac47047993ba20a5e9538abbe8171bb1dad652c23e9942043af59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
48b45062ff4fdf7d0cb3a2e646e543d9

SHA1
a1296dadafe3388747345f2f6cf68946b98a0fce

SHA256
c7c80efd0e11c2dc4c4f3f374335f6139cdccaa5a6d21a6f064a442ca09d1a1d

SHA512
0cd6e1c097db5caf0bac0daf933e863596be1bf83cd7f471ade6e8fdd8c905695e54934d0083369bf2fc971fbf9d01bd455ac734dea4dd232cbca1a38a179878

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
642KB

MD5
9bc424be13dca227268ab018dca9ef0c

SHA1
f6f42e926f511d57ef298613634f3a186ec25ddc

SHA256
59d3999d0989c9c91dae93c26499f5a14b837a0fe56e6fc29f57456f54a1f8a2

SHA512
70a1abb35bd95efc40af6653d5db2e155fab9a8575b7ae5b69ab3fbcd60925c66a675dac6cba57564a430e9b92f1a2ea9e912c4d7f356b82696ed77e92b52715

Download Submit
\??\pipe\crashpad_4240_HPSIIDTFCFKIWMYZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1728-14-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/1728-13-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/1728-16-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/1728-2-0x00000000752C0000-0x0000000075A70000-memory.dmp

Filesize
7.7MB

Download
memory/1728-0-0x00000000752CE000-0x00000000752CF000-memory.dmp

Filesize
4KB

Download
memory/1728-1-0x0000000000BE0000-0x0000000000C70000-memory.dmp

Filesize
576KB

Download
memory/3608-9-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/3608-12-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/3608-15-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/4824-28-0x0000026650AF0000-0x0000026650AF1000-memory.dmp

Filesize
4KB

Download
memory/4824-36-0x0000026650C10000-0x0000026650C11000-memory.dmp

Filesize
4KB

Download
memory/4824-35-0x0000026650C10000-0x0000026650C11000-memory.dmp

Filesize
4KB

Download
memory/4824-34-0x0000026650C00000-0x0000026650C01000-memory.dmp

Filesize
4KB

Download
memory/4824-33-0x0000026650C00000-0x0000026650C01000-memory.dmp

Filesize
4KB

Download
memory/4824-32-0x0000026650B70000-0x0000026650B71000-memory.dmp

Filesize
4KB

Download
memory/4824-30-0x0000026650B70000-0x0000026650B71000-memory.dmp

Filesize
4KB

Download
memory/4824-17-0x0000026647F60000-0x0000026647F70000-memory.dmp

Filesize
64KB

Download
memory/4824-21-0x0000026647FA0000-0x0000026647FB0000-memory.dmp

Filesize
64KB

Download