lumma | 8e7391f55642f8b52e8c20afb4007a7df1a85215a12660cff88590b4cc631420

Analysis

max time kernel
93s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
08-01-2025 19:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Setup.exe
Size

1.1MB
MD5

2c87ed3ac24adddcaface3c66eafc395
SHA1

1d74e99450fb026cf88b400a905ee8d4c2814652
SHA256

2bde8b140b1c7071d6e5e353e0c3a32365319f4b7a9112a3ae8d13a0ebc149d0
SHA512

9cb0370d3d14679bbeb00ea5b3df7b930969384c7cc0c26d9fc97085236c7f6cf710a10b32e46498226cdcd5714c4e9aa115a867fa40648fa280cffb5d05f257
SSDEEP

24576:OO8tRi0TnvbcSa4zqlVb1MgugMGzL9pfi6Z43CvoNCkAjTerUElDG6b7Tb7j:EH9Lvbta2qr1ruAfi6Z4Hw+zlDGQ

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://freefacerz.sbs/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	Setup.exe

Executes dropped EXE 1 IoCs

pid	Process
4376	Way.com

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
3112	tasklist.exe
2456	tasklist.exe

Drops file in Windows directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\BookingReplied	Setup.exe
File opened for modification	C:\Windows\DeadlyIrs	Setup.exe
File opened for modification	C:\Windows\CultGraphic	Setup.exe
File opened for modification	C:\Windows\ExamineConfirm	Setup.exe
File opened for modification	C:\Windows\EnterprisesTmp	Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Way.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4376	Way.com
4376	Way.com
4376	Way.com
4376	Way.com
4376	Way.com
4376	Way.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3112	tasklist.exe
Token: SeDebugPrivilege	2456	tasklist.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
4376	Way.com
4376	Way.com
4376	Way.com

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4376	Way.com
4376	Way.com
4376	Way.com

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 5084 wrote to memory of 3656	5084	Setup.exe	82
PID 5084 wrote to memory of 3656	5084	Setup.exe	82
PID 5084 wrote to memory of 3656	5084	Setup.exe	82
PID 3656 wrote to memory of 3112	3656	cmd.exe	85
PID 3656 wrote to memory of 3112	3656	cmd.exe	85
PID 3656 wrote to memory of 3112	3656	cmd.exe	85
PID 3656 wrote to memory of 4928	3656	cmd.exe	86
PID 3656 wrote to memory of 4928	3656	cmd.exe	86
PID 3656 wrote to memory of 4928	3656	cmd.exe	86
PID 3656 wrote to memory of 2456	3656	cmd.exe	89
PID 3656 wrote to memory of 2456	3656	cmd.exe	89
PID 3656 wrote to memory of 2456	3656	cmd.exe	89
PID 3656 wrote to memory of 2164	3656	cmd.exe	90
PID 3656 wrote to memory of 2164	3656	cmd.exe	90
PID 3656 wrote to memory of 2164	3656	cmd.exe	90
PID 3656 wrote to memory of 824	3656	cmd.exe	91
PID 3656 wrote to memory of 824	3656	cmd.exe	91
PID 3656 wrote to memory of 824	3656	cmd.exe	91
PID 3656 wrote to memory of 4244	3656	cmd.exe	92
PID 3656 wrote to memory of 4244	3656	cmd.exe	92
PID 3656 wrote to memory of 4244	3656	cmd.exe	92
PID 3656 wrote to memory of 1608	3656	cmd.exe	93
PID 3656 wrote to memory of 1608	3656	cmd.exe	93
PID 3656 wrote to memory of 1608	3656	cmd.exe	93
PID 3656 wrote to memory of 3508	3656	cmd.exe	94
PID 3656 wrote to memory of 3508	3656	cmd.exe	94
PID 3656 wrote to memory of 3508	3656	cmd.exe	94
PID 3656 wrote to memory of 4688	3656	cmd.exe	95
PID 3656 wrote to memory of 4688	3656	cmd.exe	95
PID 3656 wrote to memory of 4688	3656	cmd.exe	95
PID 3656 wrote to memory of 4376	3656	cmd.exe	96
PID 3656 wrote to memory of 4376	3656	cmd.exe	96
PID 3656 wrote to memory of 4376	3656	cmd.exe	96
PID 3656 wrote to memory of 3096	3656	cmd.exe	97
PID 3656 wrote to memory of 3096	3656	cmd.exe	97
PID 3656 wrote to memory of 3096	3656	cmd.exe	97

C:\Users\Admin\AppData\Local\Temp\Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Setup.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5084
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c move Kelkoo Kelkoo.cmd & Kelkoo.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3656
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3112
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4928
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2456
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2164
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 523031
    3⤵
    - System Location Discovery: System Language Discovery
    PID:824
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Clean
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4244
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "AGED" Combined
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1608
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 523031\Way.com + Trailers + Fig + Forming + Iran + Du + Incentive + Exciting + Purpose + Carl 523031\Way.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3508
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Pasta + ..\Bumper + ..\Containing + ..\Ta + ..\Convicted + ..\Immigrants + ..\Den T
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4688
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\523031\Way.com
    Way.com T
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4376
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\523031\T

Filesize
493KB

MD5
a2c7b2f6dce9d6aeda54e61e2ed242ed

SHA1
56aeca314d1781f7eb60ba454dea21ab30458c1d

SHA256
5424b08b8522a00c36b0dc90d52213bbc0c1ed3a4d7e0cf8f166ea7ae2e27fc4

SHA512
a8f142530c755be42500f1fb29c54c38e686adefedf273bc25d385b2cb2302a87d870bc69fa0a7f34bd0aa7bd4ac2e57bff06d5c73e05d124eb5b8405046de11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\523031\Way.com

Filesize
2KB

MD5
744accb3dfe9177d4311a7a5b8a38de0

SHA1
df128f95c0c74d43bc2b08cccb1be3a0cd10c5bf

SHA256
896b5c031a7e787507c468cf6007ab76ab8778d5290712f82cba447b7d67f7c8

SHA512
8e3e416c8fc8699ae29284b0f0bbcf1a6a9c7a397618f3da0282f6a588cc61f4b36d94eb72367278464145e43ab038751d4cf65190f208e8acdcefcafffe1752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\523031\Way.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Bumper

Filesize
94KB

MD5
1c72f8c8cbdf2effbd9594dc952b70ab

SHA1
b411de78ad63803e86960b5ac3423b30bc986c6d

SHA256
c6d16703534d4ad39fb381c1824da2e62f4d69388c928d59c2b7f269cddb7a55

SHA512
14d172a55613b0fa2107b381f7a82edd270c9213c5acf50f471459a036b0619ed1a010e068f8e512576312a668c2c356faccd2beea98b7328ad23b640c8eeae6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Carl

Filesize
96KB

MD5
07142146c5ebd0aa7b857628eaca36c3

SHA1
aa7733d926ff6b4668c0a803ccbbd8d8f1805b47

SHA256
7f4dd0cc94843f53d77dd478f1216bc384eb5310fc18de97688b577699aaaa79

SHA512
8caceb719e2d736f91b3967736260af8b8fdd4ef02ebe22bf999b9be176edafbcaed70837a42f710a648f800882ef28e0a4f50edcff1d41bff4d90046b57dce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Clean

Filesize
477KB

MD5
da0a8975fb8eb33f4dfcfc9fe1b9b4ce

SHA1
817868120286c64ae52573b7d7686682be7d7bd5

SHA256
240ee6886e549b29f150af297d6afb50ff96cc4e3fcc17aec064c18c5d7055ce

SHA512
53ef13ca6026894db5292d6c14c3536086ac887ac86990e08757e074627dfbbec8492c1445bb488a8d4535e680b2a5ff586d799ac9d1aa54a7a2e00357e6f43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Combined

Filesize
2KB

MD5
7a187598101986f637a5e78b6330b7e1

SHA1
80eb904296208e27ab2fb21a5e7c864f868fb004

SHA256
01dac2c074f4c2c4278a075068785087dc0a147e4e6b2778d21c9ab2bbb5b4b7

SHA512
aa1e9f28241129bcab229bccbb46ef60d6848cf6f37f493b01fb00535fb314597f90021b1daa5316be34dc7674351517dfcbc484dbd8419fa398f2ed8d337b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Containing

Filesize
73KB

MD5
f1b2c37147023e09f8e8bc45c3b8f5af

SHA1
6e7525a751393ffc57c44eb15a7ab1cdfab8587e

SHA256
d66490d58165f0dd5d53892b9d2ee1e8aefddce0b52a800bf1db7c7764be7028

SHA512
9ba3c1ba09efb6adef25f51da8c72d41dea19ae0922bac1d97b2dbeefd5f83fc5b74d5199a49e38830d324b314b614d7c3d77908e122f951bc49828e5d0e7e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Convicted

Filesize
56KB

MD5
f5a6846d471dda2f625d7e9df618f539

SHA1
f75eaa8c88752fd8fa89446fdb2530cd0108901e

SHA256
a4be03457e9b2aadcd5fd9ec481ce23053a2749c8f9e1c6d3510ce3e469ddb15

SHA512
2acb2448649ecb0e547118ef3b460f3dcd754521f45660a9a19247cd6746a4d2f62cfa9ba6ae363cd5ef8d65cc9bc923b9813c17e8f95cab7b6e1511fe217738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Den

Filesize
40KB

MD5
6ca2cecfbc6798dee3b4c1b3bee5144b

SHA1
ca676cc1fa3cc2853262149ba647e267facce2b0

SHA256
d08d35c4d6b9920db95decb0b496030d4527eaf44300b20a02dae31e8f563833

SHA512
459b0afccd33b963c92ee3a6652f2ad567a48219d1b9a296c11b9f5165adfb1a9d66af032dd7ea9ec3a9e914507dda192eac8d67f478873298941195598a2125

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Du

Filesize
123KB

MD5
431e3139b47c188258b5b498db5c0908

SHA1
df12a9a3224cb903cb7d25ba5f6a98474a767a77

SHA256
3065f92427bbc0a1a83b098ac5ab7ccf547b77ad8580cd6d659117081e38cbd8

SHA512
c6a5e12e6863d237f743d755754c8e525e540d7662459970d140761aa68edc1ae15e3bbc73a4161fa995f9e42043898e972b233c79877ee963bb0590ba03ef06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Exciting

Filesize
109KB

MD5
926e28396f15fd14fd2fa54f358cce6d

SHA1
2479f6a00b503aa8a994e225ce9f245716ee2bf0

SHA256
3bfc7aebc3e00b94b9382c4523b6d39d203388e6f935a64cd56a5ceb9d1c1707

SHA512
c10fc66f8fb74913062f2040e02eda7f87cf0789e1973b1b4e17d964e39677aeec05d03d26b34e1a5378e1c326ba6fcea3e3f79439b0ae490e62adde626f64e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Fig

Filesize
70KB

MD5
32938b33c7e8231df98d2c8db6503716

SHA1
35e0e0a7aeaeaa315ddd36148db7bfab80894727

SHA256
50d3ad84a81975915325f451930450fcfcad4db960f422ed9b40bd1e818594c3

SHA512
7734bbcea2e233b080959ba27af93c6198e31a1fd19a4ce6290fea3b9b9089e71643a82c217723264c9ac0efdbdefb8565d0d3ca42939ce39e020010ce6152fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Forming

Filesize
102KB

MD5
cd5022daba5fbc9e6b77a25be21b7edf

SHA1
d89876957a5053f4de64b47dbdc747d2b5223e31

SHA256
5f86441f5397f0c166b40c37a07769f43d798e8a5624f6844b9a05aad56ba846

SHA512
b70f59f81c35cab1006fe9862b5839135685f5d72638df4e171513d934ec07400d20d8cdf9308af99b5a729f1d0d8c6bb2f5ea4defb1f5ef102405b32124899f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Immigrants

Filesize
58KB

MD5
3705ca14713aae2a6a08660f6a737f3b

SHA1
a921c257350e2ed38159a21f37097682083449c0

SHA256
bb33c3676fa623799ba81d7accbe42381b7c136fb745ba2cdb29cba734787873

SHA512
89ec6fed7e47a383d417f49ca701bd0364b073d8cffa5c9b3ffc90f400b9e1e8ac608b07987826bda9662e80cb2ed86f450a13e134d7fc5aef021e5c70c5a814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Incentive

Filesize
106KB

MD5
1860fc016d49315fe30d6c2ca2d78aac

SHA1
0bdb6b8e676ec44ab558d7cf9250ae02b72ee542

SHA256
da1d250666a81ec5576af64f7cd75779777ebe03f7f40cc07648c087fa2c98d1

SHA512
286f96614cbcd45836119366d1c171625680120e6bc463369e9319ad7e87fc29dbf924eda1131634c13046e9caf87021755206f5b8a5c89e866a7a29ad4b716c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Iran

Filesize
64KB

MD5
b2ca47c8cf03d70ae05a9ebb6553185a

SHA1
d85f0182cf4b159c04c0cd46a7510eff4f8c3b79

SHA256
affbca32c1fc8a4cb0728a8cdb3f3fc9375fbff7c1c9272c1a52b9210a2971f1

SHA512
26617dc946820f3731028685c94d53f060a0d39aa7f2cab8af323eff6bf33d572f6268bc2a2d3e4c21e5bde76e351427f54429006c6b91b19687bcbc37a699d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Kelkoo

Filesize
24KB

MD5
0fbde0fdba307e93615786acc4b4ba49

SHA1
c54eba11961e50b021f8b2f91a4b12db81283e3d

SHA256
c9f8ace264d94c99811e4cd5272a055b556d1e1991e2a5cc44db4c46aa4197b0

SHA512
87395c9b5f03751a4c6c38f1d755fcfe08ba310d9dea44850e0dd8a749a3a54b4f697bc4dc7f1f6b12e0b56e46e59eee2e8da3b0bbe018df9de676019bd30e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Pasta

Filesize
86KB

MD5
a9c31ed91be0cad2d31702e2510fc142

SHA1
7c292f4538502a86187e79e07df505b1c62c2ea7

SHA256
7b15711a199898e7ae758a2b2300a10ed98b91c84899666dc02f00666db18502

SHA512
d7eac026e0437dceb99e3edca695732f64c2a445e237533ef7ea05604e7aadce47c4aaeafb3f387acacc33b388cf1e78b21a903b92050e1da3d3e9b32076d918

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Purpose

Filesize
138KB

MD5
e76a7c412034a25b15e63d6f1c905833

SHA1
83a85afd0f5000df7698adfabafe4abc14817be5

SHA256
51f0482f62ca9d85aaaa3413c6da97d78ad0f833e9f88f552b0f67c7f94f5eff

SHA512
3bac75a6dc38ba4f98a9779890d0c7c8cdfaffd95ffe35da266c1647bc6c6453479772c5ba290cc4a5b647c8cd4f00b26861205ba3bc02ec7bf613d8f329cd41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ta

Filesize
86KB

MD5
f8812ccac0a8bdc3873f77fd053609bc

SHA1
b63384454872333a20800858e1a468e93e940c35

SHA256
19c8f11dea22f76dbeee778718404f98892e64c3a4369fc88745141f25ade88f

SHA512
7ad35d7d4b99051b6db654fbc938ff9cacec60a9dabf64cc7ee84e8bb296e3e2caaf7a0d4df4f41231200ca9387c86ab4ecf9b0423af082208e657b89460c56a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Trailers

Filesize
114KB

MD5
a0d1acf188c167b34bef2bb483306cc4

SHA1
a22697ee82f2360de6e72e1d1f4057efad54d854

SHA256
8a672af99cd98aebee658852e47796f2a8bc7c4cf8d7d4463e64a4466cc0658b

SHA512
a55f230ad19c3c0f8cd4d2f5e656763cd5cf6d7992c29177d9a96fa8caf61486f183c5bfcb65ecc2cdc8fbb04dd32e03d50a5c56666a06a9cc28097733c97fa7

Download Submit
memory/4376-66-0x00000000040E0000-0x0000000004139000-memory.dmp

Filesize
356KB

Download
memory/4376-68-0x00000000040E0000-0x0000000004139000-memory.dmp

Filesize
356KB

Download
memory/4376-67-0x00000000040E0000-0x0000000004139000-memory.dmp

Filesize
356KB

Download
memory/4376-70-0x00000000040E0000-0x0000000004139000-memory.dmp

Filesize
356KB

Download
memory/4376-69-0x00000000040E0000-0x0000000004139000-memory.dmp

Filesize
356KB

Download