lumma | 17e8ebdf1c3303f6c9538e9998e533962aa732a1356434d6cf78ab353f3a9f06

Analysis

max time kernel
94s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 14:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

[UPD]Intel_Unit.2.1.exe
Size

1.1MB
MD5

25b4bac0866214df0bcb32a8dc280555
SHA1

58513411b725c0f264013acacaba7fe069208aa7
SHA256

17e8ebdf1c3303f6c9538e9998e533962aa732a1356434d6cf78ab353f3a9f06
SHA512

4f63a60288d8e15eb01843d1ecc61344606a4e3bf0933cf8bd02892dbb7d2167b7b35d4ff17c5207b25057520d7147bfa4bed38d75b6429f0c9ebe6458de592d
SSDEEP

24576:setHGMwy9WuUSPl/hw6z89q1zfaaJ+1DPVhPQLc3nVQMd:j7zMU+0pJQ9hPQcQu

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	[UPD]Intel_Unit.2.1.exe

Executes dropped EXE 1 IoCs

pid	Process
3784	Hugo.com

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
380	tasklist.exe
3076	tasklist.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\FranchiseReed	[UPD]Intel_Unit.2.1.exe
File opened for modification	C:\Windows\ChristineSnapshot	[UPD]Intel_Unit.2.1.exe
File opened for modification	C:\Windows\BmAccurate	[UPD]Intel_Unit.2.1.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[UPD]Intel_Unit.2.1.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Hugo.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3784	Hugo.com
3784	Hugo.com
3784	Hugo.com
3784	Hugo.com
3784	Hugo.com
3784	Hugo.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	380	tasklist.exe
Token: SeDebugPrivilege	3076	tasklist.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
3784	Hugo.com
3784	Hugo.com
3784	Hugo.com

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3784	Hugo.com
3784	Hugo.com
3784	Hugo.com

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 2668 wrote to memory of 4632	2668	[UPD]Intel_Unit.2.1.exe	83
PID 2668 wrote to memory of 4632	2668	[UPD]Intel_Unit.2.1.exe	83
PID 2668 wrote to memory of 4632	2668	[UPD]Intel_Unit.2.1.exe	83
PID 4632 wrote to memory of 380	4632	cmd.exe	85
PID 4632 wrote to memory of 380	4632	cmd.exe	85
PID 4632 wrote to memory of 380	4632	cmd.exe	85
PID 4632 wrote to memory of 3284	4632	cmd.exe	86
PID 4632 wrote to memory of 3284	4632	cmd.exe	86
PID 4632 wrote to memory of 3284	4632	cmd.exe	86
PID 4632 wrote to memory of 3076	4632	cmd.exe	89
PID 4632 wrote to memory of 3076	4632	cmd.exe	89
PID 4632 wrote to memory of 3076	4632	cmd.exe	89
PID 4632 wrote to memory of 4116	4632	cmd.exe	90
PID 4632 wrote to memory of 4116	4632	cmd.exe	90
PID 4632 wrote to memory of 4116	4632	cmd.exe	90
PID 4632 wrote to memory of 2352	4632	cmd.exe	91
PID 4632 wrote to memory of 2352	4632	cmd.exe	91
PID 4632 wrote to memory of 2352	4632	cmd.exe	91
PID 4632 wrote to memory of 1700	4632	cmd.exe	92
PID 4632 wrote to memory of 1700	4632	cmd.exe	92
PID 4632 wrote to memory of 1700	4632	cmd.exe	92
PID 4632 wrote to memory of 2528	4632	cmd.exe	93
PID 4632 wrote to memory of 2528	4632	cmd.exe	93
PID 4632 wrote to memory of 2528	4632	cmd.exe	93
PID 4632 wrote to memory of 4520	4632	cmd.exe	94
PID 4632 wrote to memory of 4520	4632	cmd.exe	94
PID 4632 wrote to memory of 4520	4632	cmd.exe	94
PID 4632 wrote to memory of 1204	4632	cmd.exe	95
PID 4632 wrote to memory of 1204	4632	cmd.exe	95
PID 4632 wrote to memory of 1204	4632	cmd.exe	95
PID 4632 wrote to memory of 3784	4632	cmd.exe	96
PID 4632 wrote to memory of 3784	4632	cmd.exe	96
PID 4632 wrote to memory of 3784	4632	cmd.exe	96
PID 4632 wrote to memory of 5084	4632	cmd.exe	97
PID 4632 wrote to memory of 5084	4632	cmd.exe	97
PID 4632 wrote to memory of 5084	4632	cmd.exe	97

C:\Users\Admin\AppData\Local\Temp\[UPD]Intel_Unit.2.1.exe
"C:\Users\Admin\AppData\Local\Temp\[UPD]Intel_Unit.2.1.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2668
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c move Cloudy Cloudy.cmd & Cloudy.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4632
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:380
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3284
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3076
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4116
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 686536
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2352
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Justify
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1700
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "Backing" Kelly
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2528
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 686536\Hugo.com + Ware + Sanyo + Pg + Folk + Lifetime + Robert + Enlarge + Hence 686536\Hugo.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4520
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Selection + ..\Suse + ..\Illustrations + ..\Alerts + ..\Smart + ..\Steps + ..\Lovers y
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1204
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\686536\Hugo.com
    Hugo.com y
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:3784
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5084

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\686536\Hugo.com

Filesize
726B

MD5
a711d925e8138f471bf63340a1d18ed7

SHA1
c8e2dc29c61cda7cc0162cfa8a2ec1b572b392e5

SHA256
91e1c43a78443fe19f91ffb24fedb5ee0e682eaf171333adde2823b7245fe32a

SHA512
d404b2ae98e9ca5874b53a3d43b13bdc228d7dfaa9f253672b40e17b736d65046a58177c6f35d014907ff4e5594bea09c73d0ee80eadf0c1881e36a731f6a893

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\686536\Hugo.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\686536\y

Filesize
491KB

MD5
ef22d3bb3fee9293e4e5791bee1ab44e

SHA1
740c90a88f6c85851c2e563c14d4aebf063fd329

SHA256
12de133e6f46b487b0fc8fb466c30ae189a62d6b77e17758bef1d78cfe7ca4b5

SHA512
85e58eed3e443296c38af6607069a18ce671e4832252fae1415b4b534b5f888907a2bd41b92607680c2e0392875f346a18c0378aba081d4e45a2a191694d9c71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Alerts

Filesize
81KB

MD5
510084fbffb3520f7a585509c43359ea

SHA1
18bc385b4cb45dd43048c08fdd9796de5d7ca496

SHA256
81028c1c0254bf3661f66464ff5c32329a07a5f65dd33bfab95f9d20e8d2c25f

SHA512
e4e87c88b6bb4996d26347a76624e2c9f6cb39f02fb12ee7fab0f894b021566cd0bb001a92f0460aeca75241d24a246c8551e061904e82a8060b25f62a8f3cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Cloudy

Filesize
25KB

MD5
dc3247a74de4c37c027693d52c68b7c8

SHA1
0de55f47e610c7221e41c9c078d7b84c84abb3a6

SHA256
260233a98b15c80a0c13d315497a2576448fe51cbb9bd98ea4fb89a614784a09

SHA512
3f7169fafecee09ee131999a2d47e1e8d64fe54041020030ff0fcbc3d8a7f547b67518439ad9d2f603907db71d8fced989787a91a05a3ce296f89d02af5e594a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Enlarge

Filesize
127KB

MD5
984483c838f29524ae19e3f2e7bb977b

SHA1
c4fb3a6f1323f8c752106f8b668a8441435d94df

SHA256
70e9edc7b1b2b7ec84a2d8679f8e1a3ec53d6f8fa0006cf0abad774949af47cc

SHA512
b83be32e13120181058a53252ab13461dc07ad07823c2115ea98a6c8ef575a5f735f1ab7d8d9f5343a43f428e9507b94f86b85b24846e9d514571099e3eb9462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Folk

Filesize
120KB

MD5
c8ecca0c247e1a92e140915b9cdbfe17

SHA1
21875091eb1b0d2c0b79b9ae2b754e4ff7986963

SHA256
1e5c8764a4183f950b728763e233f2ea5d966919a803e2cfd5abb8db989b3f79

SHA512
7438b2ea36f8678ded36d70ef904fec66386d440fd4d9f4661cf54b4d04f1ae3e9a6306733245383adfd198af7e6bf1cf36bd2f1fc79a0d479d2fbf6b7098b97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Hence

Filesize
63KB

MD5
49a649199465ec61134d866da13516af

SHA1
d69e79c87804a3a1068b3d6ef7e50b25635f1467

SHA256
2b1453087de0e47a5575e063bbb2d64dcacb82c51c382d42f624a4729b241aed

SHA512
7c5b1a670da223f411bba9dad8df6802cbb421562c048995a08603ef12ccf0a1d7633c6a8372cb78671b77691789894212122e81b1d6afdeb8cf5573ca9d739b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Illustrations

Filesize
99KB

MD5
74211a093ace2419fddabf68402441eb

SHA1
9cd16d7918aa0fc4a735c55a8b8e5dcbb74ea4cc

SHA256
175e85a1f212bddb8cc6ecb55ba5bb566cbe5ba08685929e0e56834d24acf70f

SHA512
49c84398c911d63d20b6412b3587058544c6d22684c3e2a1d18896fc897756285f1eab24a9c0f6aea34932fe8f28562d97c18d7f30821a380a190aa23fbdcdb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Justify

Filesize
477KB

MD5
2028cdb5d355ae0ae129ede2856e6af7

SHA1
3a516e498a9c03e71db0eeb7f0ae1c2e121d97d8

SHA256
d1cd829a22a96b6ef923b099edd0a70148e0df7952bce709dfeabdb0821481cb

SHA512
292cc1be4d47fc76b88404ae1e7a801e0ec352766ae3803e711f3082a777bc97933ab2c17ab5852ec6b582bbf6f4bf3f7dffd82aa000ff30c2fcbcb638c7aa70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Kelly

Filesize
733B

MD5
7a8ce9a909ce0c4c0f9d5a47f16dab6b

SHA1
d04bba85758b2c21a742305d73625e5b35eafb61

SHA256
3c0dca2776c4ff962652481fdc54c593e38c0af50016626a7991bf68003563c0

SHA512
5b636ab0d20417867113ada0dd1ef95bd1abd542e05334bd729d290f090b3d3eb07d1d2b54f8875cd0d0435bad45bf152e8c2c7a10cd331e61c078d917e0babb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Lifetime

Filesize
89KB

MD5
d2cda7cbdd60af9772657b615b472b06

SHA1
c8b89329d2dfab08171c51e446e9156d4e8652d6

SHA256
377142412a126e3ed09f750db4970a696ba3f5a5e042a17fe34e82754c5d145c

SHA512
152faa9becd1de39c1dbd6b074d713b16cb174cbda1124af9e4d2aa7950ff7ac58063ab1e916b19988f8eee2c7602e4e3b4009f2a03ecbf2bcece604ba52c53f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Lovers

Filesize
35KB

MD5
275bb06e411e18b2f2413c99f90b273c

SHA1
b0b56521a5df919287999a6367c9e9db452e15da

SHA256
fccae85d1b45a4a6f6a9bcb369fa7c8a012dc2fcc3e6ad2d93bdddff527ebb6f

SHA512
89936cdde69a00f5501db3ccda1c1a80933e5b36fa60a103bf33c9f6aeeb8d0ce5ef329be445898ab2c5c7c0863909b855b5f913f07d9eb838b8ba71c87b3e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Pg

Filesize
137KB

MD5
2b437132a55bfa02a968b7176f510e8a

SHA1
8fd9c04cbfd4b66dadd61a4095fb488d3672f76e

SHA256
b31778d643869e67eefb497906f92bd0605ec0ca0ea0b658d5dfaf99445ad506

SHA512
4b9dc69684afb7f49a5f300692763e8164798e3bed7e14329ce36efbb65642a00ea83cd2cc26606a472a6b5da265ca5273ffe8ff7c06c842229503aa1935c476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Robert

Filesize
99KB

MD5
5e91d4fd817d0861a7a01118369251c4

SHA1
48c4a668b72c583f8a98e98485135e04cb63bd35

SHA256
c4397deefb0cfddb5c71f93fa5d993b698c88d10c1aa9b550face439f09e6a0e

SHA512
80883d353dc41838ae9f054dda5bd15604361802e3a1c7ef516356c689e3cc6248c47e0f04c1ff9f7de9d3dc92ffe0b3e9739fadb3249599122c307cab6b2c90

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sanyo

Filesize
143KB

MD5
81a88e12d802c5bc732e0cfea18f022f

SHA1
3b1671df94e6c36429db33cc5d127f2da509a43b

SHA256
8ed1351b297f6ae561d8cbcb860470bf4cda8e9c77cbbae1dd9ec2b5151ae86b

SHA512
ce507ecde5ba3bd54c9b1fc87c78fd0f876df74b5045e73c420a883638301270511dbca8135933eede367636abbefb9845ca54ea78bdced75c57c0f0f3aebdfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Selection

Filesize
73KB

MD5
779ebb32a40c9a64396eacd3cbdd721c

SHA1
deb9ebdc964bc43ce160edf0e3808a18e3cc89ed

SHA256
bbc2d48f751a6fcbe3a19470be69d77da346f4c87e38a0421fd4ce941ca592de

SHA512
68eb848d8a2dbe411062b2b99a2896bfd67f4915c3e38dff2d2b62ccf9e41fa15906d3170df586aec52faee4c81e1d6537fc95ec961cf4a7becff43c7d59ff01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Smart

Filesize
76KB

MD5
7bb1c7168444847e64b8d52a19d526a4

SHA1
b0577e3414d38f3a036895e78d0a8beb186622dd

SHA256
8259d660879a9a28012b0d7f4d1a360b8bcfbbcc01cbcd308e04455c5e2766d7

SHA512
70a54ab94335aecf6c6f77a9c2abf8e27131d43d981ec6656b4a5522444a1ef548c968002e3b663c6799e180f07142d4c8dbb33d35427ffd3307839f05234045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Steps

Filesize
56KB

MD5
0dd5041d2a616872a113d55b19c45a1e

SHA1
b60405e4cddf57920b0ef1929ac47043a1101c2a

SHA256
2257296ba16a378e02d68d82ff9bd280f3ad173e013248d9369ce08f4f900094

SHA512
a8a3f2ee5140103bc7e49c3d1abc838c921cec0616fe13e199dbbd807f73bb839067fb11901d37b5c7edbd2464e94f4bada81b036bea3357979dd7aabbae13da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Suse

Filesize
71KB

MD5
cac74fa897b87e72256e7d176de38b23

SHA1
7ec04d342ade1e868751c07c01bdfd93216bc87e

SHA256
6b6d3f0088a0bfcb9652fdf848ad15cb8e0303de35ddf1f90517991eec557571

SHA512
d1b7aeaea71163c5922ed90f0ecab266299f77bfdf0b4a73042123df5565bac425628fedc552180a083872d74b5a1676423f10b8c90140ebe228f430557cbefa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ware

Filesize
146KB

MD5
c7024f7ebc1135660d5a31bd4d90182d

SHA1
79cc0ba360e6fcfa44b1d963b677a3b9f1520929

SHA256
68a96df5c94374a988ea3d1222a7931eb24565fb78ea6832d5a6bdc993095ec9

SHA512
fcc61387e7dfd07d90e64978126c7cfbd573dceda02acefb8770d3033345e69928f6db34c72e55547ec4a24547a8655487eea93e912d2e59aafd2affd5b74955

Download Submit
memory/3784-63-0x00000000046E0000-0x000000000473B000-memory.dmp

Filesize
364KB

Download
memory/3784-64-0x00000000046E0000-0x000000000473B000-memory.dmp

Filesize
364KB

Download
memory/3784-66-0x00000000046E0000-0x000000000473B000-memory.dmp

Filesize
364KB

Download
memory/3784-65-0x00000000046E0000-0x000000000473B000-memory.dmp

Filesize
364KB

Download
memory/3784-62-0x00000000046E0000-0x000000000473B000-memory.dmp

Filesize
364KB

Download