lumma | aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f

Analysis

max time kernel
93s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f.msi
Size

4.2MB
MD5

93a70c58cbc42d4362fd4cc206d5a35e
SHA1

f769777dec440d5e8900927b42d6c4232d6d58b7
SHA256

aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f
SHA512

db54faa43d5fc83f7160edbda953ba763080f499d8ce20cc0502a357a564d1be60dc44ece4425f5ddfc0d4ce6e47cf5b7e79bf1dfa680ea98cf728191df28a23
SSDEEP

98304:Fn3X3JlbT6t/B7ALNsrYr82OvJ2p9TSNV1+jjz:B3X33bT6dB76NsrYFcw+o

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2284 set thread context of 3316	2284	iScrPaint.exe	96

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSIECA2.tmp	msiexec.exe
File created	C:\Windows\Installer\e57ec08.msi	msiexec.exe
File created	C:\Windows\Installer\e57ec06.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57ec06.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8C672847-3E4C-4D02-B74A-68C757912E7C}	msiexec.exe

Executes dropped EXE 2 IoCs

pid	Process
32	iScrPaint.exe
2284	iScrPaint.exe

Loads dropped DLL 2 IoCs

pid	Process
32	iScrPaint.exe
2284	iScrPaint.exe

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
4592	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iScrPaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iScrPaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001d4141155d34ac580000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001d4141150000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001d414115000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1d414115000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001d41411500000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3700	msiexec.exe
3700	msiexec.exe
32	iScrPaint.exe
2284	iScrPaint.exe
2284	iScrPaint.exe
3316	cmd.exe
3316	cmd.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2284	iScrPaint.exe
3316	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4592	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4592	msiexec.exe
Token: SeSecurityPrivilege	3700	msiexec.exe
Token: SeCreateTokenPrivilege	4592	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4592	msiexec.exe
Token: SeLockMemoryPrivilege	4592	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4592	msiexec.exe
Token: SeMachineAccountPrivilege	4592	msiexec.exe
Token: SeTcbPrivilege	4592	msiexec.exe
Token: SeSecurityPrivilege	4592	msiexec.exe
Token: SeTakeOwnershipPrivilege	4592	msiexec.exe
Token: SeLoadDriverPrivilege	4592	msiexec.exe
Token: SeSystemProfilePrivilege	4592	msiexec.exe
Token: SeSystemtimePrivilege	4592	msiexec.exe
Token: SeProfSingleProcessPrivilege	4592	msiexec.exe
Token: SeIncBasePriorityPrivilege	4592	msiexec.exe
Token: SeCreatePagefilePrivilege	4592	msiexec.exe
Token: SeCreatePermanentPrivilege	4592	msiexec.exe
Token: SeBackupPrivilege	4592	msiexec.exe
Token: SeRestorePrivilege	4592	msiexec.exe
Token: SeShutdownPrivilege	4592	msiexec.exe
Token: SeDebugPrivilege	4592	msiexec.exe
Token: SeAuditPrivilege	4592	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4592	msiexec.exe
Token: SeChangeNotifyPrivilege	4592	msiexec.exe
Token: SeRemoteShutdownPrivilege	4592	msiexec.exe
Token: SeUndockPrivilege	4592	msiexec.exe
Token: SeSyncAgentPrivilege	4592	msiexec.exe
Token: SeEnableDelegationPrivilege	4592	msiexec.exe
Token: SeManageVolumePrivilege	4592	msiexec.exe
Token: SeImpersonatePrivilege	4592	msiexec.exe
Token: SeCreateGlobalPrivilege	4592	msiexec.exe
Token: SeBackupPrivilege	4208	vssvc.exe
Token: SeRestorePrivilege	4208	vssvc.exe
Token: SeAuditPrivilege	4208	vssvc.exe
Token: SeBackupPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe
Token: SeTakeOwnershipPrivilege	3700	msiexec.exe
Token: SeRestorePrivilege	3700	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4592	msiexec.exe
4592	msiexec.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 3700 wrote to memory of 4808	3700	msiexec.exe	91
PID 3700 wrote to memory of 4808	3700	msiexec.exe	91
PID 3700 wrote to memory of 32	3700	msiexec.exe	93
PID 3700 wrote to memory of 32	3700	msiexec.exe	93
PID 3700 wrote to memory of 32	3700	msiexec.exe	93
PID 32 wrote to memory of 2284	32	iScrPaint.exe	94
PID 32 wrote to memory of 2284	32	iScrPaint.exe	94
PID 32 wrote to memory of 2284	32	iScrPaint.exe	94
PID 2284 wrote to memory of 3316	2284	iScrPaint.exe	96
PID 2284 wrote to memory of 3316	2284	iScrPaint.exe	96
PID 2284 wrote to memory of 3316	2284	iScrPaint.exe	96
PID 2284 wrote to memory of 3316	2284	iScrPaint.exe	96
PID 3316 wrote to memory of 1240	3316	cmd.exe	101
PID 3316 wrote to memory of 1240	3316	cmd.exe	101
PID 3316 wrote to memory of 1240	3316	cmd.exe	101
PID 3316 wrote to memory of 1240	3316	cmd.exe	101

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4592

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3700
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:4808
- C:\Users\Admin\AppData\Local\Limerick\iScrPaint.exe
  "C:\Users\Admin\AppData\Local\Limerick\iScrPaint.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:32
- - C:\Users\Admin\AppData\Roaming\NotepadLoadZC_test\iScrPaint.exe
    C:\Users\Admin\AppData\Roaming\NotepadLoadZC_test\iScrPaint.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    PID:2284
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of WriteProcessMemory
      PID:3316
    - - C:\Windows\SysWOW64\explorer.exe
        
        C:\Windows\SysWOW64\explorer.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:1240

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4208

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57ec07.rbs

Filesize
8KB

MD5
424d830cf22f0cdfe41cdae150fdcfbf

SHA1
8e73e9b14e34bf367abee6b759ff7213e31ed2a8

SHA256
836cefab81e0a23972d09185d27cfae4253dba7b087548acda16f60ba4662607

SHA512
2685708a077e61f2647f6a39df52d36b68ac380009439816b576b45b534d8d9f678b3f7711d2e79578090f2af3c9c50aabe278d3c373651a2be57a65e9dfbed9

Download Submit
C:\Users\Admin\AppData\Local\Limerick\WebUI.dll

Filesize
7.6MB

MD5
d4ad539ff52c5af062bdd88deb9d08a9

SHA1
c4264de99b628fc9afd320ec47e004ef1ade1d54

SHA256
44e5c6ac6131bf6b55b9a4c0bd5db41b56da3efcf0797f044bc693abed28dbbd

SHA512
a87696e66564aba54311f49e06fb6948f51531a323dfceae5d3af4b62a140ab009429853e72124ecb03058a0e85c5277b3329cb52f9c3b034f840eee15a45904

Download Submit
C:\Users\Admin\AppData\Local\Limerick\cajun.sql

Filesize
43KB

MD5
10d06a63ea6f430da50e26ed3441ea1b

SHA1
15f43b1d9a5723c6851db5de307df3f0b220a972

SHA256
8a58cca115c3e3c1afd2ba4c4af776306f3b4dbfd6d16704c180d60dd192e40a

SHA512
9669dccc63440c9942a7a13b4f715c8dc65dbb11482d0144c4b7dcbe451b9af0f2c9f894cbc186cc8880b6b68fc70e5191bf54faa4e65e8dff0662afdb21bda5

Download Submit
C:\Users\Admin\AppData\Local\Limerick\iScrPaint.exe

Filesize
1.8MB

MD5
098ac4621ee0e855e0710710736c2955

SHA1
ce7b88657c3449d5d05591314aaa43bd3e32bdaa

SHA256
46afbf1cbd2e1b5e108c133d4079faddc7347231b0c48566fd967a3070745e7f

SHA512
3042785b81bd18b641f0a2b5d8aec8ef86f9bf1269421fb96d1db35a913e744eaff16d9da7a02c8001435d59befb9f26bc0bbfa6e794811abf4282ed68b185fe

Download Submit
C:\Users\Admin\AppData\Local\Limerick\jaculator.app

Filesize
799KB

MD5
eaed4e7f6c2a9d9558061db4f88b6083

SHA1
0992fe807fb82aa4a4cc6a2eebb76346222643f9

SHA256
b6b3c597d404fe24f1f87f1fe5b2cae0b6476e796c6acac1ada9ed02ede1ec07

SHA512
c42ea74bbb9276cc671f9635d8f4df9365d95b43c0d108c02c223a40765df517549a2332c3c427b09ef74d0e7b36a1340dbb733dd4bd14d1c8c2099ce0e5cfa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\a0be512a

Filesize
1.0MB

MD5
5e9f5d3fbc8bb41cfbd148cc33fde47e

SHA1
ead65180bc04e5883d67ca8a4a2ffcab2c42dfea

SHA256
98a61df0b5f14e4ee2e5e9eb9fc6f74c6dd6151a3b18830e44c415caa7280bde

SHA512
584392245246cfdac4b2ddb7ef276e967aee06968bb2346da78723a59db4add87bbfc0ef89dfa4f59fa5e028af4ed0f2709176179d0cdce335ca0614f71b011d

Download Submit
C:\Windows\Installer\e57ec06.msi

Filesize
4.2MB

MD5
93a70c58cbc42d4362fd4cc206d5a35e

SHA1
f769777dec440d5e8900927b42d6c4232d6d58b7

SHA256
aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f

SHA512
db54faa43d5fc83f7160edbda953ba763080f499d8ce20cc0502a357a564d1be60dc44ece4425f5ddfc0d4ce6e47cf5b7e79bf1dfa680ea98cf728191df28a23

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
f2e6382871d6b055645a909c457799ff

SHA1
952bb5509836895c8d2c70b95927f51a94d5a515

SHA256
9fe5283f91dd8030f175b3282d1c1adf9873559603d0d3515c9c2a4b362bb051

SHA512
f39d46c270f73d1c0e8a9cb33bf43a89087b422f5adb410d7bfd93fe572c9e82d8e8768801dfb287f638c39a698ae9f6b51513a80f66d31677e3f5676cadf062

Download Submit
\??\Volume{1541411d-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{8607c7f3-26df-43d2-924c-d7070edf2101}_OnDiskSnapshotProp

Filesize
6KB

MD5
86fd104d75833ad2357c3266858c90e5

SHA1
3c3260e2008b030bde59caac8beef96feaa79088

SHA256
3e64ab8c96113ef07904eb7e85abf140b6edc9725ef94179073cd7af221a32af

SHA512
4280e73fa3ffe1ebdda5e860a4293a9e735480c77cd240f28445e129cf25ada81c00351f239d6d6b03091530accb0d7273c4bc03566649f124bd0a47029807e8

Download Submit
memory/32-40-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/32-33-0x00007FFC4C3F0000-0x00007FFC4C5E5000-memory.dmp

Filesize
2.0MB

Download
memory/32-32-0x0000000075040000-0x00000000751BB000-memory.dmp

Filesize
1.5MB

Download
memory/1240-57-0x00007FFC4C3F0000-0x00007FFC4C5E5000-memory.dmp

Filesize
2.0MB

Download
memory/1240-58-0x0000000000130000-0x000000000018C000-memory.dmp

Filesize
368KB

Download
memory/1240-61-0x0000000000130000-0x000000000018C000-memory.dmp

Filesize
368KB

Download
memory/2284-46-0x0000000075040000-0x00000000751BB000-memory.dmp

Filesize
1.5MB

Download
memory/2284-47-0x00007FFC4C3F0000-0x00007FFC4C5E5000-memory.dmp

Filesize
2.0MB

Download
memory/2284-48-0x0000000075040000-0x00000000751BB000-memory.dmp

Filesize
1.5MB

Download
memory/3316-52-0x00007FFC4C3F0000-0x00007FFC4C5E5000-memory.dmp

Filesize
2.0MB

Download
memory/3316-55-0x0000000075040000-0x00000000751BB000-memory.dmp

Filesize
1.5MB

Download