lumma | 835da839a33cf2fe0c98b0a69d90d6ba506f67b7e9bb3897b273abfc86a7c5e4

Analysis

max time kernel
149s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
04-01-2025 05:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Set-up.exe
Size

70.0MB
MD5

49ed2f49b9cf4c5cded3906c247ecd75
SHA1

57f4b2b8cb6310c0272c3d9ad50858abbcfbf7a9
SHA256

835da839a33cf2fe0c98b0a69d90d6ba506f67b7e9bb3897b273abfc86a7c5e4
SHA512

a5c0410f18702cb258ea0aa2242eaa638ac258c43f0d5549794f7253f285cc587fcf461812a96fa114ae88f4bb3fafeddc95b5a4b871546bf45a6c39da8533dd
SSDEEP

12288:oClTmK/OHyQ0nUQL3xfbwfTsLPeh6BhEIaR6yZMwsQ/SZduLdgchrm+qNIolZN/Z:oITmIOMUQVjVPu6Bk6GrmpIoXNNp/1gg

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	Set-up.exe

Executes dropped EXE 1 IoCs

pid	Process
864	Intel.com

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
2764	tasklist.exe
4920	tasklist.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\AsciiKidney	Set-up.exe
File opened for modification	C:\Windows\IdeCalendars	Set-up.exe
File opened for modification	C:\Windows\RevisionContracts	Set-up.exe
File opened for modification	C:\Windows\JeffreyDomestic	Set-up.exe
File opened for modification	C:\Windows\GroundAngela	Set-up.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Intel.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
3088	cmd.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
864	Intel.com
864	Intel.com
864	Intel.com
864	Intel.com
864	Intel.com
864	Intel.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2764	tasklist.exe
Token: SeDebugPrivilege	4920	tasklist.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
864	Intel.com
864	Intel.com
864	Intel.com

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
864	Intel.com
864	Intel.com
864	Intel.com

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 3060 wrote to memory of 4520	3060	Set-up.exe	85
PID 3060 wrote to memory of 4520	3060	Set-up.exe	85
PID 3060 wrote to memory of 4520	3060	Set-up.exe	85
PID 4520 wrote to memory of 2764	4520	cmd.exe	87
PID 4520 wrote to memory of 2764	4520	cmd.exe	87
PID 4520 wrote to memory of 2764	4520	cmd.exe	87
PID 4520 wrote to memory of 2200	4520	cmd.exe	88
PID 4520 wrote to memory of 2200	4520	cmd.exe	88
PID 4520 wrote to memory of 2200	4520	cmd.exe	88
PID 4520 wrote to memory of 4920	4520	cmd.exe	91
PID 4520 wrote to memory of 4920	4520	cmd.exe	91
PID 4520 wrote to memory of 4920	4520	cmd.exe	91
PID 4520 wrote to memory of 4280	4520	cmd.exe	92
PID 4520 wrote to memory of 4280	4520	cmd.exe	92
PID 4520 wrote to memory of 4280	4520	cmd.exe	92
PID 4520 wrote to memory of 1520	4520	cmd.exe	93
PID 4520 wrote to memory of 1520	4520	cmd.exe	93
PID 4520 wrote to memory of 1520	4520	cmd.exe	93
PID 4520 wrote to memory of 2996	4520	cmd.exe	94
PID 4520 wrote to memory of 2996	4520	cmd.exe	94
PID 4520 wrote to memory of 2996	4520	cmd.exe	94
PID 4520 wrote to memory of 2976	4520	cmd.exe	95
PID 4520 wrote to memory of 2976	4520	cmd.exe	95
PID 4520 wrote to memory of 2976	4520	cmd.exe	95
PID 4520 wrote to memory of 3088	4520	cmd.exe	96
PID 4520 wrote to memory of 3088	4520	cmd.exe	96
PID 4520 wrote to memory of 3088	4520	cmd.exe	96
PID 4520 wrote to memory of 1952	4520	cmd.exe	97
PID 4520 wrote to memory of 1952	4520	cmd.exe	97
PID 4520 wrote to memory of 1952	4520	cmd.exe	97
PID 4520 wrote to memory of 864	4520	cmd.exe	98
PID 4520 wrote to memory of 864	4520	cmd.exe	98
PID 4520 wrote to memory of 864	4520	cmd.exe	98
PID 4520 wrote to memory of 1008	4520	cmd.exe	99
PID 4520 wrote to memory of 1008	4520	cmd.exe	99
PID 4520 wrote to memory of 1008	4520	cmd.exe	99

C:\Users\Admin\AppData\Local\Temp\Set-up.exe
"C:\Users\Admin\AppData\Local\Temp\Set-up.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3060
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c move Speaker Speaker.cmd & Speaker.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4520
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2764
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2200
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:4920
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4280
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 797812
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1520
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Shell
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2996
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "Puppy" Particular
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2976
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 797812\Intel.com + Injured + V + Ice + Officials + Developing + Enhancement + Admitted + Jerry + Previous 797812\Intel.com
    3⤵
    - System Location Discovery: System Language Discovery
    - System Network Configuration Discovery: Internet Connection Discovery
    PID:3088
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Transfer + ..\Matthew + ..\Cases + ..\Puzzle + ..\Perceived + ..\Discs O
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1952
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\797812\Intel.com
    Intel.com O
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:864
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\797812\Intel.com

Filesize
2KB

MD5
d8e7546d4b3939adf568dff5ac1c3243

SHA1
15538d81020cab6111602ec349a9f9ca94e0e534

SHA256
4dcad7419b7954b9d9f6e74f6451c18bd4d35aae98904849d094c37c20c45ead

SHA512
7668683df9f5469b9b4545a30c48741d7e80f0649de8ceb9b6eeda2a5650ff2ab5a5acbd80a5d388c27e74740feb72c33ab6dc70bc4dcb7a89e4e509ec5ad9c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\797812\Intel.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\797812\O

Filesize
464KB

MD5
0bd0df4e02c980a190bd097f008bb439

SHA1
902586720fc203bb84bab0b3de6d8ab7d39bf3d9

SHA256
74caf515469d0b3e63ba733a51ddc56c1e60ae32559667894f731206a124e789

SHA512
90b2131e371c7fa33c200a3d3ec3b54d06d9d0716bdcf78f2fc5f19ea5551096ee60fce187eaca65806f5d871c0fdf5b2943ddfca0a446aa37504f21da9a9d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Admitted

Filesize
135KB

MD5
33f046e8e2bc5e2628011afe5eea2c61

SHA1
0b955ec3a67dfaac377e4d7dded520fd895fc45a

SHA256
ed8ad3a85aee815c6659856a76e2e6c5ba4d949105ad3ec08a5c9652115781c2

SHA512
385aa200c9b060e63e0787f8b6b73de96c6c7b3e3e3b43379c6e0ff2cdde9cea2078f1d3486252e7f37421e7cf9e85095b045b83bd21addaeec5a97279446696

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Cases

Filesize
58KB

MD5
b5e040a81938d5bf11145baebeacd25b

SHA1
bc7e59688c3306b764ac23b260114ec90c0bf00e

SHA256
9dc17db978dad78d57cdb0cf7a0ff42c0ff42ae3626e47d36f426c7a8d49f286

SHA512
942232bab7f16827c384e7a4294f81b3b4571cba31b1324a9d5ce56b4781f3aa60432bafecb48be8fb73ce5a9da2bbbd9bc5f4e0e6189d36cf457070bb3eaef7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Developing

Filesize
105KB

MD5
4e37b5b3167b8ea88db2078668eedc6a

SHA1
bf3ccd401fcd28b243e8f2fd2b2b8e5838ec17b9

SHA256
cbd8ad2c9777286de5c5583b6c44009be79b63b40b0fe0edf3ce64d55cfec83c

SHA512
dfc0d028ffc34446df095495423803a203c5a53bef791522309a52f251ff592098bef5650a8cba7ab5c1411480ad80165f6d2feb86a6f650c4224f287cd5b28a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Discs

Filesize
71KB

MD5
bb3e7b6ded2fe44eed6f7738770648a0

SHA1
ddb96fec00a4f550d1bf0c9dd440933c956d8bb5

SHA256
c15556ee02269eed2f6809c92e02aae44454b48da02ad30a0632b8393d041b85

SHA512
a7940155a5acfb94bd9bed3cc67e408852d2d81cd89c17574ae8acbe9c3c88330d4d14d77e4862dfea7dd3a4a20f28f8143450dae90a5a735a1144760095c02b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Enhancement

Filesize
139KB

MD5
52280c8fbb21350a3ad0867d18504cc3

SHA1
3c9b92d516b0a407211be3e227fc2935f54b0f90

SHA256
0f0e77282fd960a65030c41d71edb534d7fdf20d355efa6621a46eb56733a059

SHA512
af2bf615ad11f84ad97b6300322c93cbf7fe347870d0ea9a67fe49b66c95ab6ff89946032b910faf124e5f07305ea71130f10fa45a45ea2a7b82b33795d80bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ice

Filesize
53KB

MD5
063352d783ba25a930cf15acf5d388e0

SHA1
ec18af2b572da11d0a1673c46ac4c8c793467409

SHA256
112adf15c0468eaa4331b6281be516d810d845975751ecd461552dc03d1ed455

SHA512
59044dff5f7bdfe12263e8715e05296f72720d5954de089a6ef3cdbdf5c5314c9e93dd2edc1d21cdd27c5c02064e3e7f41e9aaac458d23a75038a0d4e7112197

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Injured

Filesize
71KB

MD5
591a579c6d8a1c3189f09acd0f93be9d

SHA1
96f07e53507bc3973f1285c2fa6b4b7b9c6312b2

SHA256
0c0a340f85bbf7c68cac83f29debca50a30b76f9b9bddb6b14c176b42df4655c

SHA512
13a32cf44de9984e4d7862ef1b5d04b134ae7acaaed6eaf4545c9b7debf2c3a74508abb0ff26289c6d68b472caf3fc53046a5de16c33d12a377d089f157344d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Jerry

Filesize
106KB

MD5
60391536f458851f182c56c1025f90c5

SHA1
e65428658c931abd439b456a30ee5d995f0022bf

SHA256
d3d7faa51c5ff10248d059898039828e2217557ba1bbc357d84b4726139a1cd8

SHA512
8f6db445108a36525d1838136eea87a22f3e9e19503897bfd0d077a10dbcaa137c0b8997bb2de09226195d4d0a67fdfef4304cdb8a6a8b32fa12e478f6d80ff0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Matthew

Filesize
78KB

MD5
385c300bee7ca6167e949a099dff7d2a

SHA1
0a6a305e4468e436fec3e82448cc97a46ef6bd89

SHA256
ea16f26ac3b9dcf9b6dca5bd7af7c2bcb3d7fd9b6756cf3db936391cf086630e

SHA512
0b7296ebe440651e8159ffd5e5b43160c8c521400f585ce365eb070067f75c5a9ac08adc6dfe49f91c4592aedb9ef9a449afaec1bbcf2052719a5ed365c5362c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Officials

Filesize
134KB

MD5
30ae5d75a9caccb0c7902f70949af0dc

SHA1
8a9bf9deea246b31686724c52c01fde54a56f618

SHA256
bcfcb407595df90414d10c6422bbac2ccfed48f59076b35fa950c236b36774e9

SHA512
cd3f826bac499d91506288bac9b7cd0f484c3104d7bafe192fc7bbc6531f23848071234489db05f6b5c4cdf1916f3885a42270e293d29e8373280d2781751004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Particular

Filesize
2KB

MD5
dec7eb7a03564e0f8a19997d269f0714

SHA1
4c5958fa7e7698a2360f3f28302150ba2dee9129

SHA256
685c2466be6ac0fc2163f833740a14e3bb993d77b02c9209b809eb65cd16e211

SHA512
ad8e3ae2c218771dd557fbb8b0c7bbcfa43615146432b14edd4d5d003463231bacffa1189ff48b7dbe53bd6eaf069c075fefee1c4abbf4b656ce4b7bdfa058de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Perceived

Filesize
87KB

MD5
27148b31a570368ff17ddf2dee97cbcc

SHA1
408ae7f88b7e57542e726c3623bd08c92f3cf23b

SHA256
d8fc5ccf796b04f34f4c4321e4a600123e5457db675b249624fad42c97b98611

SHA512
77527bdf9b99c54ccefc5db61ce70eb62b35edf8d17487768bb9de42ce914eb9b0548dddeae308266aa83f737786edbc769d2092cab9a890daf0f888e46287a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Previous

Filesize
79KB

MD5
9e6025442f3d21ca732626ca5fc19e08

SHA1
bde6a137238f2a1f2c1bb2798e71846ee9887240

SHA256
c439f6a51f3df550babc73bcc60bbe86547df06a81a751ef88ddea47b142ac4a

SHA512
13a39212035f6870117383b8233861a9370637f9bce91629ba448a05c7edc958a83b1c15ccc96ff7144c394d3c0b085789832db0fbcc6e24d3ec72dad1a5e836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Puzzle

Filesize
75KB

MD5
51aa267d4aaecd2cbb91563f7e4ca84e

SHA1
135b9a2175955fc78984e5244001b5de49442c60

SHA256
19cabd02c613ee1ad13565f4081899417c00734c620f66dc6c05c8a4ff7c51fd

SHA512
07a82f9ff72f5f3936e9a644b8ee5f84edbcc82c46d698f85d84221f46b6901c47d4cd2ac00a0e363224b4290fbec099261b44dbf905b31835e810159b18bc8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Shell

Filesize
476KB

MD5
17a5515f0b5cb198812d403515fef5a2

SHA1
7a6d29c7734c9f272bfdb024dbc0aed9278a965d

SHA256
a34d952416a1476ed622c3ecdcfb40c62a2153c9526cf5f291d130d9211bf3bc

SHA512
8ea7090510bd235c93af9de9ba44c6672216080b5e51cb188e4e7588dfc632dde1595044c7ef273bdad8cf4388ba366dbd8262afd28939c33ddec2619f2a905c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Speaker

Filesize
15KB

MD5
8a42c64e3f8bd9af520879f4f11b962f

SHA1
f1baf11cbef7941d2848ed9367e298ff26ad1b22

SHA256
c13d4ca226e90e1c6f91b6a8052ddb07e60d773e16c35a5eb14929254b03afb4

SHA512
a569c729f24b02ac8de9ae49f675283688b9ab98ca61b6aee931630717f3c235d3039c0fcef159cbf025a63c2eefbe2f11d82d2345dfe7153332faffad5c3d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Transfer

Filesize
95KB

MD5
f8397f4028667e77fdadb719d655589b

SHA1
1f684532f9c019724a437acfb6c85d8b2b5d784e

SHA256
5829fec35ba896276eee8847d47597d7dcce9f060b9da19097ad298b51e9ec5a

SHA512
092dbf77f80d182259ce5fb85864f8ce566989356a1c351ce160cb88c82360d2d681001444f1efd8d646509e84a774318909aa0590952330a659d3a988576ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\V

Filesize
100KB

MD5
e19640e715783f26ccd25128b64af49a

SHA1
52875ff85d5d41d1a7e40016e02e0120307da125

SHA256
62eaf997bce6c1fc7bc5dd3e11966ef6c7ffb5409149bbb7c1a5f15b2bf89fc7

SHA512
7d3a528913d03f254d523d4bdd28a1bc2f580aa6e647196c0838c727d665052eee2b2f6d035a598c40f5960fcf1fa197641e850c85cf9a72f6a33b8d04feed01

Download Submit
memory/864-64-0x00000000042A0000-0x00000000042F7000-memory.dmp

Filesize
348KB

Download
memory/864-65-0x00000000042A0000-0x00000000042F7000-memory.dmp

Filesize
348KB

Download
memory/864-66-0x00000000042A0000-0x00000000042F7000-memory.dmp

Filesize
348KB

Download
memory/864-67-0x00000000042A0000-0x00000000042F7000-memory.dmp

Filesize
348KB

Download
memory/864-68-0x00000000042A0000-0x00000000042F7000-memory.dmp

Filesize
348KB

Download