lumma | aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f

Analysis

max time kernel
94s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 00:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f.msi
Size

4.2MB
MD5

93a70c58cbc42d4362fd4cc206d5a35e
SHA1

f769777dec440d5e8900927b42d6c4232d6d58b7
SHA256

aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f
SHA512

db54faa43d5fc83f7160edbda953ba763080f499d8ce20cc0502a357a564d1be60dc44ece4425f5ddfc0d4ce6e47cf5b7e79bf1dfa680ea98cf728191df28a23
SSDEEP

98304:Fn3X3JlbT6t/B7ALNsrYr82OvJ2p9TSNV1+jjz:B3X33bT6dB76NsrYFcw+o

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2588 set thread context of 4948	2588	iScrPaint.exe	94

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\e57ecb2.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{8C672847-3E4C-4D02-B74A-68C757912E7C}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIED6D.tmp	msiexec.exe
File created	C:\Windows\Installer\e57ecb4.msi	msiexec.exe
File created	C:\Windows\Installer\e57ecb2.msi	msiexec.exe

Executes dropped EXE 2 IoCs

pid	Process
372	iScrPaint.exe
2588	iScrPaint.exe

Loads dropped DLL 2 IoCs

pid	Process
372	iScrPaint.exe
2588	iScrPaint.exe

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
4512	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iScrPaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	iScrPaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001a73a27760024bf60000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001a73a2770000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001a73a277000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1a73a277000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001a73a27700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
1228	msiexec.exe
1228	msiexec.exe
372	iScrPaint.exe
2588	iScrPaint.exe
2588	iScrPaint.exe
4948	cmd.exe
4948	cmd.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2588	iScrPaint.exe
4948	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4512	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4512	msiexec.exe
Token: SeSecurityPrivilege	1228	msiexec.exe
Token: SeCreateTokenPrivilege	4512	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4512	msiexec.exe
Token: SeLockMemoryPrivilege	4512	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4512	msiexec.exe
Token: SeMachineAccountPrivilege	4512	msiexec.exe
Token: SeTcbPrivilege	4512	msiexec.exe
Token: SeSecurityPrivilege	4512	msiexec.exe
Token: SeTakeOwnershipPrivilege	4512	msiexec.exe
Token: SeLoadDriverPrivilege	4512	msiexec.exe
Token: SeSystemProfilePrivilege	4512	msiexec.exe
Token: SeSystemtimePrivilege	4512	msiexec.exe
Token: SeProfSingleProcessPrivilege	4512	msiexec.exe
Token: SeIncBasePriorityPrivilege	4512	msiexec.exe
Token: SeCreatePagefilePrivilege	4512	msiexec.exe
Token: SeCreatePermanentPrivilege	4512	msiexec.exe
Token: SeBackupPrivilege	4512	msiexec.exe
Token: SeRestorePrivilege	4512	msiexec.exe
Token: SeShutdownPrivilege	4512	msiexec.exe
Token: SeDebugPrivilege	4512	msiexec.exe
Token: SeAuditPrivilege	4512	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4512	msiexec.exe
Token: SeChangeNotifyPrivilege	4512	msiexec.exe
Token: SeRemoteShutdownPrivilege	4512	msiexec.exe
Token: SeUndockPrivilege	4512	msiexec.exe
Token: SeSyncAgentPrivilege	4512	msiexec.exe
Token: SeEnableDelegationPrivilege	4512	msiexec.exe
Token: SeManageVolumePrivilege	4512	msiexec.exe
Token: SeImpersonatePrivilege	4512	msiexec.exe
Token: SeCreateGlobalPrivilege	4512	msiexec.exe
Token: SeBackupPrivilege	4756	vssvc.exe
Token: SeRestorePrivilege	4756	vssvc.exe
Token: SeAuditPrivilege	4756	vssvc.exe
Token: SeBackupPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe
Token: SeTakeOwnershipPrivilege	1228	msiexec.exe
Token: SeRestorePrivilege	1228	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4512	msiexec.exe
4512	msiexec.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 1228 wrote to memory of 5016	1228	msiexec.exe	90
PID 1228 wrote to memory of 5016	1228	msiexec.exe	90
PID 1228 wrote to memory of 372	1228	msiexec.exe	92
PID 1228 wrote to memory of 372	1228	msiexec.exe	92
PID 1228 wrote to memory of 372	1228	msiexec.exe	92
PID 372 wrote to memory of 2588	372	iScrPaint.exe	93
PID 372 wrote to memory of 2588	372	iScrPaint.exe	93
PID 372 wrote to memory of 2588	372	iScrPaint.exe	93
PID 2588 wrote to memory of 4948	2588	iScrPaint.exe	94
PID 2588 wrote to memory of 4948	2588	iScrPaint.exe	94
PID 2588 wrote to memory of 4948	2588	iScrPaint.exe	94
PID 2588 wrote to memory of 4948	2588	iScrPaint.exe	94
PID 4948 wrote to memory of 2424	4948	cmd.exe	111
PID 4948 wrote to memory of 2424	4948	cmd.exe	111
PID 4948 wrote to memory of 2424	4948	cmd.exe	111
PID 4948 wrote to memory of 2424	4948	cmd.exe	111

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4512

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:1228
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:5016
- C:\Users\Admin\AppData\Local\Limerick\iScrPaint.exe
  "C:\Users\Admin\AppData\Local\Limerick\iScrPaint.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:372
- - C:\Users\Admin\AppData\Roaming\NotepadLoadZC_test\iScrPaint.exe
    C:\Users\Admin\AppData\Roaming\NotepadLoadZC_test\iScrPaint.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    PID:2588
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of WriteProcessMemory
      PID:4948
    - - C:\Windows\SysWOW64\explorer.exe
        
        C:\Windows\SysWOW64\explorer.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:2424

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:4756

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57ecb3.rbs

Filesize
8KB

MD5
9902dfc420943a0aa5f7d0a646d27eba

SHA1
2ad0e344613f37c3fc495d57820826e3a6e9046b

SHA256
ffea7256e477513720decf90f5829dbc27a7cdc21ae515a4148dee7b12ee490a

SHA512
eb9e36d34828f5b2e3e0aa91db678888782ab889eab5a76a633b8af53fe3c2be9492b391963bf59406308ce49fd565ac24985d97151b766ea1e472ba7929fcf6

Download Submit
C:\Users\Admin\AppData\Local\Limerick\WebUI.dll

Filesize
7.6MB

MD5
d4ad539ff52c5af062bdd88deb9d08a9

SHA1
c4264de99b628fc9afd320ec47e004ef1ade1d54

SHA256
44e5c6ac6131bf6b55b9a4c0bd5db41b56da3efcf0797f044bc693abed28dbbd

SHA512
a87696e66564aba54311f49e06fb6948f51531a323dfceae5d3af4b62a140ab009429853e72124ecb03058a0e85c5277b3329cb52f9c3b034f840eee15a45904

Download Submit
C:\Users\Admin\AppData\Local\Limerick\cajun.sql

Filesize
43KB

MD5
10d06a63ea6f430da50e26ed3441ea1b

SHA1
15f43b1d9a5723c6851db5de307df3f0b220a972

SHA256
8a58cca115c3e3c1afd2ba4c4af776306f3b4dbfd6d16704c180d60dd192e40a

SHA512
9669dccc63440c9942a7a13b4f715c8dc65dbb11482d0144c4b7dcbe451b9af0f2c9f894cbc186cc8880b6b68fc70e5191bf54faa4e65e8dff0662afdb21bda5

Download Submit
C:\Users\Admin\AppData\Local\Limerick\iScrPaint.exe

Filesize
1.8MB

MD5
098ac4621ee0e855e0710710736c2955

SHA1
ce7b88657c3449d5d05591314aaa43bd3e32bdaa

SHA256
46afbf1cbd2e1b5e108c133d4079faddc7347231b0c48566fd967a3070745e7f

SHA512
3042785b81bd18b641f0a2b5d8aec8ef86f9bf1269421fb96d1db35a913e744eaff16d9da7a02c8001435d59befb9f26bc0bbfa6e794811abf4282ed68b185fe

Download Submit
C:\Users\Admin\AppData\Local\Limerick\jaculator.app

Filesize
799KB

MD5
eaed4e7f6c2a9d9558061db4f88b6083

SHA1
0992fe807fb82aa4a4cc6a2eebb76346222643f9

SHA256
b6b3c597d404fe24f1f87f1fe5b2cae0b6476e796c6acac1ada9ed02ede1ec07

SHA512
c42ea74bbb9276cc671f9635d8f4df9365d95b43c0d108c02c223a40765df517549a2332c3c427b09ef74d0e7b36a1340dbb733dd4bd14d1c8c2099ce0e5cfa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ab45100b

Filesize
1.0MB

MD5
e8050150cbe08936b70d389821426f4e

SHA1
b89010443e2d864ed792be048952c3acd5425173

SHA256
3f2c9a0859a2bfd0fe86bc3dc9154315085db54999f58a1f161dca4a88c39978

SHA512
d34ca04699af8b1f2900e0b3b43d200bd9769e50b023d84c0c3eb9d17b02b970bf8e1e970906e5327108ec4919aa2389d75ac99003c81d8cf329ade8f29623ab

Download Submit
C:\Windows\Installer\e57ecb2.msi

Filesize
4.2MB

MD5
93a70c58cbc42d4362fd4cc206d5a35e

SHA1
f769777dec440d5e8900927b42d6c4232d6d58b7

SHA256
aa1e63845cbfcee49033a729fcecc2d61cdc2f41968813a45ad64946e8a2ec1f

SHA512
db54faa43d5fc83f7160edbda953ba763080f499d8ce20cc0502a357a564d1be60dc44ece4425f5ddfc0d4ce6e47cf5b7e79bf1dfa680ea98cf728191df28a23

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
9d4acdf790a6369d8d26ce9a9340c128

SHA1
517cc3c289b404244578251f13c64004c03d00ea

SHA256
e1a441383f9db026f168d52ca54ee8c1ff1f0f1fc277a5dcef4203ab8c9680a3

SHA512
a2436906195658e2cd71996b104cf0101a1f0cf98158d40c5d8471380c8a50786df7f1240d39a5679fb5f52262ef86feb7b4ac5cf335c8d962464d4394cf0c37

Download Submit
\??\Volume{77a2731a-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{7c649ae9-e82b-48e6-8c81-10b422ec1981}_OnDiskSnapshotProp

Filesize
6KB

MD5
a0b863c3c2474d4e830004eb1e2d3be0

SHA1
35754368865d23383708638189037756e2c12e2e

SHA256
dec35115eab4649e873404328cafa89d539f481339a220021d8f09afd8bf57b3

SHA512
e8279489357c1f7727e14a1481c4c80a3a18fb82589c93cf716f0cabde53bec5ed0638c2cd211784ad299682c2f5dae54276e907118b90b7624503e73bec2d19

Download Submit
memory/372-32-0x00000000743E0000-0x000000007455B000-memory.dmp

Filesize
1.5MB

Download
memory/372-40-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/372-33-0x00007FFF94030000-0x00007FFF94225000-memory.dmp

Filesize
2.0MB

Download
memory/2424-59-0x0000000000380000-0x00000000003DC000-memory.dmp

Filesize
368KB

Download
memory/2424-58-0x0000000000380000-0x00000000003DC000-memory.dmp

Filesize
368KB

Download
memory/2424-57-0x00007FFF94030000-0x00007FFF94225000-memory.dmp

Filesize
2.0MB

Download
memory/2588-47-0x00007FFF94030000-0x00007FFF94225000-memory.dmp

Filesize
2.0MB

Download
memory/2588-48-0x00000000743E0000-0x000000007455B000-memory.dmp

Filesize
1.5MB

Download
memory/2588-46-0x00000000743E0000-0x000000007455B000-memory.dmp

Filesize
1.5MB

Download
memory/4948-55-0x00000000743E0000-0x000000007455B000-memory.dmp

Filesize
1.5MB

Download
memory/4948-54-0x00007FFF94030000-0x00007FFF94225000-memory.dmp

Filesize
2.0MB

Download