lumma | f3c95a22bccc513a28a86589db4049d0804f5bfcb3494f3502c85fc37ded7493

Analysis

max time kernel
106s
max time network
107s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 21:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Full-Ver_Setup.exe
Size

70.0MB
MD5

251ea82a4f4d958152742a38394b0229
SHA1

5413b0c97b91b5078595bc1e445461e84020ec63
SHA256

f3c95a22bccc513a28a86589db4049d0804f5bfcb3494f3502c85fc37ded7493
SHA512

b8bf2ed9d2c6d294a07b1253f67c03a08d60016fb73394f810842de575821c8b8b998c0835e73b79b008a72f8bbc653fa769bf8d15006a427ede2d123845af6f
SSDEEP

24576:KBtdvgIn+hGDeXZ0sMVHMuJxu2MHZFkpqnrOId+3x3:WgIn+hGDouZxu2MHZu/IA3x3

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://homelessdejs.cyou/api

https://fraggielek.biz/api

https://grandiouseziu.biz/api

https://nuttyshopr.biz/api

https://punishzement.biz/api

https://spookycappy.biz/api

https://truculengisau.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4089630652-1596403869-279772308-1000\Control Panel\International\Geo\Nation	Full-Ver_Setup.exe

Executes dropped EXE 1 IoCs

pid	Process
5000	Journal.com

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
3992	tasklist.exe
1860	tasklist.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\ExperimentsSeo	Full-Ver_Setup.exe
File opened for modification	C:\Windows\DivxAluminum	Full-Ver_Setup.exe
File opened for modification	C:\Windows\NecessaryBeta	Full-Ver_Setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Journal.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Full-Ver_Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5000	Journal.com
5000	Journal.com
5000	Journal.com
5000	Journal.com
5000	Journal.com
5000	Journal.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3992	tasklist.exe
Token: SeDebugPrivilege	1860	tasklist.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
5000	Journal.com
5000	Journal.com
5000	Journal.com

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
5000	Journal.com
5000	Journal.com
5000	Journal.com

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 4040 wrote to memory of 512	4040	Full-Ver_Setup.exe	82
PID 4040 wrote to memory of 512	4040	Full-Ver_Setup.exe	82
PID 4040 wrote to memory of 512	4040	Full-Ver_Setup.exe	82
PID 512 wrote to memory of 3992	512	cmd.exe	84
PID 512 wrote to memory of 3992	512	cmd.exe	84
PID 512 wrote to memory of 3992	512	cmd.exe	84
PID 512 wrote to memory of 4508	512	cmd.exe	85
PID 512 wrote to memory of 4508	512	cmd.exe	85
PID 512 wrote to memory of 4508	512	cmd.exe	85
PID 512 wrote to memory of 1860	512	cmd.exe	87
PID 512 wrote to memory of 1860	512	cmd.exe	87
PID 512 wrote to memory of 1860	512	cmd.exe	87
PID 512 wrote to memory of 4080	512	cmd.exe	88
PID 512 wrote to memory of 4080	512	cmd.exe	88
PID 512 wrote to memory of 4080	512	cmd.exe	88
PID 512 wrote to memory of 2888	512	cmd.exe	89
PID 512 wrote to memory of 2888	512	cmd.exe	89
PID 512 wrote to memory of 2888	512	cmd.exe	89
PID 512 wrote to memory of 1716	512	cmd.exe	90
PID 512 wrote to memory of 1716	512	cmd.exe	90
PID 512 wrote to memory of 1716	512	cmd.exe	90
PID 512 wrote to memory of 4900	512	cmd.exe	91
PID 512 wrote to memory of 4900	512	cmd.exe	91
PID 512 wrote to memory of 4900	512	cmd.exe	91
PID 512 wrote to memory of 3048	512	cmd.exe	92
PID 512 wrote to memory of 3048	512	cmd.exe	92
PID 512 wrote to memory of 3048	512	cmd.exe	92
PID 512 wrote to memory of 3416	512	cmd.exe	93
PID 512 wrote to memory of 3416	512	cmd.exe	93
PID 512 wrote to memory of 3416	512	cmd.exe	93
PID 512 wrote to memory of 5000	512	cmd.exe	94
PID 512 wrote to memory of 5000	512	cmd.exe	94
PID 512 wrote to memory of 5000	512	cmd.exe	94
PID 512 wrote to memory of 396	512	cmd.exe	95
PID 512 wrote to memory of 396	512	cmd.exe	95
PID 512 wrote to memory of 396	512	cmd.exe	95

C:\Users\Admin\AppData\Local\Temp\Full-Ver_Setup.exe
"C:\Users\Admin\AppData\Local\Temp\Full-Ver_Setup.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4040
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c move En En.cmd & En.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:512
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3992
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4508
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:1860
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4080
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 737282
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2888
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Weighted
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1716
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "FONTS" Indices
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4900
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 737282\Journal.com + Waves + Andale + Entering + Cologne + Urgent + Shops + Swim + Rats + Cambridge + Stanford 737282\Journal.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3048
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Maintaining + ..\Postal + ..\Quotes + ..\Limousines + ..\Event + ..\Probability + ..\Opportunities a
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3416
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\737282\Journal.com
    Journal.com a
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:5000
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:396

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\737282\Journal.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\737282\a

Filesize
461KB

MD5
b3c1667a854a6b1c8e3871a11e0cbf78

SHA1
d4111a32c0410ff510a62c9dcd05582362fd1411

SHA256
0e60978855958b1a6180cc8a186004a54fb614e3fa739a35692691a8bd181360

SHA512
0321e4eb7c1525b6772b96f6343d19b5631ac9a0b0f7a21ba4e00e1ac84e36bfd62dc5455f7e363654dae086a51634bbfad57c80db2140b5c5fccaaae83d3aec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Andale

Filesize
144KB

MD5
1812b4c19657aac360da385aca42562c

SHA1
206158f53b5cd4e1a0ee202b614e68489c9bc305

SHA256
0cc288170a4de5cde2f224f602590cada6b429c424ec95ec6e94c064dd2969bb

SHA512
cf128a8e5d90415573263d27ac0ca235ae548dccf2d53069d44cdb39a3229f36fd3e5b48110868a546ff13d952c6a5848a2dd14229e2e09f5f7b2ece52a83a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Cambridge

Filesize
125KB

MD5
d2e32f352227ab379e8c14aa62c819cb

SHA1
eb280ee067235f4add73686d40a0ab157d028170

SHA256
b995f4b8372c994931654d10a5b77aba812a7848aefb6166a5f3b6ffda8a297f

SHA512
1f423bad7fc7cecf7cdf596579cec1f0ab8e76cf9e429f3378e7e531b24829626fc06bc305d74640388592d0f7b7f7c2944cdea0737a45f6f0489749d9ed2361

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Cologne

Filesize
110KB

MD5
643cbe14e4b52f8f6d53dd378d5d51ca

SHA1
7c5c1ae6805f3aab905d3f1521bfd06849e82cb7

SHA256
a860433e64eaf49f75d135440f32052645277ea10ff8b67fe4cd17dc98e1c6ea

SHA512
ccaad3feb19010a8cf998aec868d74fcb16b1a2d8bfed8be86b0ecbb0ad447867ecb593b8c0cca73007026012e297831d47c135dbbcd1c8a019d4e368a619b71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\En

Filesize
12KB

MD5
4ee20ffd34a586e86c15948739f040c9

SHA1
8935a99448677b0565dec5035420a814f1b5618d

SHA256
7fae5a7206af624bfd4c48c638750c605e0326549b532581619dfe33bab78da0

SHA512
1dc89d704d9f6362f6db8215fe95fabbef1e1598aaf4c0a1004ef1b3be3b91cf81dc0a5f3ced9e05bfe2cdf6d79cd5667df4d9334afd474909b70ba5c7ee1dc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Entering

Filesize
98KB

MD5
5853fd3fc145e0ca0f746a62e82fcaee

SHA1
b859606bf44dba4b21b976b74830001af26b82c4

SHA256
f683a6436160c8592c041c9a406d09fef75969fea261d63114f02cd1451a561b

SHA512
933d516739627c58a4a233a5caa0beb76a2af0170c1b34be4249d725f9d60ceeca0711b437764a0ce91bab24a6c5fc32484b1c35f597b786cd97b3dfcf43a7b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Event

Filesize
51KB

MD5
76f7332597590babf088140ff4ce0754

SHA1
246b3e94230e69d9bf3ae3ff1b59e8f91aa814c8

SHA256
1e675afa5a31a185651dfd2fdb6b808a9286fc473cc9f9015a3beb54eaa1ea3d

SHA512
7f117b0232cbf787f160d402b4254961019f2ff48529e56b04caf27fa38ec8b0ec563b6b9c37e27013b626188a0927d20cb251970ca11e1fe86137e120b99e34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Indices

Filesize
2KB

MD5
06b4fb75fc2bd7853d8f462f707e4b2a

SHA1
b2d6078d1740660468ecb5ce8cbcd39d0460a1d9

SHA256
927db0ec1fa9364d2399a869d69500509e45af307452de9457f210968c274fb8

SHA512
0edfc5febd367396106e8948412c550f2654e4a4d4455288a456c1fd1c11861934dde23b021ea11bde5a53d1faaa077db3d5dc7bb5967bdf734987924d47d1bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Limousines

Filesize
98KB

MD5
44a6ca1d1392b5363e2ae1569bcbd365

SHA1
85eb956cf45680747a2af86d49b2e0682a207718

SHA256
ef5b1b1f8179de57fedda4415bb19070899c34673a1ebf3cbd778b4166f84870

SHA512
023e6d11e5a7c86ff8cb6d16d0b18cacb49ff9d7ec8f59ee69f2a03ef723711053cf97946ba6b18fd08d5c16bd857e1177070715b1ce895d52b1a2f7b2f1e158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Maintaining

Filesize
52KB

MD5
2d8b3d6dd4ef03400372cecd22eecaf1

SHA1
db0b7c30a1be75c7d0f3c97bb8aba0c97abace82

SHA256
13de7d08b4954618d2f7ec91286ea20a243fba06d9a0b3d2dd60481611300d88

SHA512
52034ce29ad1c665a9012e43b5d913b47efbdbd76bc964033701d7a4fba4d25283c9ac4faa21cd85b6f3dfe038c71087ef47c610a121ea9527f31d621006b353

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Opportunities

Filesize
5KB

MD5
1aa232215fb3ca4f8fb24815d84e3353

SHA1
ee84cfafbda6200c37a06deea3e5f83728874bd0

SHA256
6376f7eca6932fb393e658366af61dd38f1eee82275ca3ac9db93b002248ee65

SHA512
bd8c7df213b7f173e3ef1f3aaabcbc3459ebfdc847e69a5cb98f114e3f5dab4691ccb740ff3970eca02b1220c4a7f8c666b4cf4f658ec3d663648f9e96037db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Postal

Filesize
96KB

MD5
95d8b8a04ee0649dbfff8f7873594498

SHA1
6df79f48ceb4d8492514d08b62f787365f2e0320

SHA256
62ad3cddacc8cc4c59edfa49f0e80316103143c3f475ee25b714e4545a35e288

SHA512
13cc7ff924ba83b89ee26c7735957c250e2db9c510f8f930932313e4908c64cf038edf9314b48560ebd9a491aca07711a2d5eee754b9d31ff9fe4dbf7b569d8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Probability

Filesize
97KB

MD5
f3cd8d7f37e358ab9157944013dbc106

SHA1
deab46c00cfff90879a73b9abcdd468e875bec85

SHA256
d5f60c8d4f135f6c5a40c4416e5170cf2bc18dbf3ecef33fa7a89c1bfd71555f

SHA512
7a80530176ba18cd17e1aef42307a99532b893b3822ceed77b3362c2acfaa7af4b2c7125809fba8a7a4009540541805b066f6362619ea5f7f9f83f72d3d5a139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Quotes

Filesize
62KB

MD5
c9348a5b9109bea6b771890d11ac2e28

SHA1
53c408a89fd35b58591adf9d76ffc724feea6309

SHA256
df5b520479143f57780c4ca1300193a7472a5eb9d8c6e0b657e68f61c80cd0be

SHA512
48f75e70a73f38eb34b3c1fb2637cf50f1d9c9cd930d74a15b5af9e482a7ea04292cda0d95a13085582f3b8e2d46d06ddc229e86e4f5c83c46349c1c0b199807

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Rats

Filesize
50KB

MD5
7a1628745e8401d96338404d5fefc777

SHA1
0c24a0fe7bd7a173706adc0d070f2a7937ca03ce

SHA256
a4d4ac274aa6c966bc063eda247b79484545c5a0d8cafe790701cc851218a179

SHA512
607a15f4c4c9f8b09ed513ed5be29983c8d0523dd1918a2f98d0f7a66d087dd3f507eea49aeca08fbd55a5667d175cb7f1f1fe823164035a53932f2cdc7c8040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Shops

Filesize
84KB

MD5
e181f85108c9f061932c59c2d0cd89b7

SHA1
e0be0b50fb773a483d649d77421b815d84c5ec33

SHA256
dfc34b6ea5f43710cc40ae1d5861a918d57f4b030da0f296c6aae22ff6ecf081

SHA512
ce1c58c7a33cd7da8a36b836cadd99935520bac165c315c4f83c35729993071629cf7e014072c73dafb8a2236117ab73add839fae578107714c89d5689d8e910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Stanford

Filesize
28KB

MD5
5a851df95bc60f37cabe0e54fb9aca08

SHA1
0dc83697d966f8e03450d24ef6235f5b43d65525

SHA256
829b565514ef9dda8779d6e7d444ae98e3f0da3cf792147535af79354fe7a5e6

SHA512
4c8771874d9fc7a6886152499b0a418737df1b7aea1d05d7b652adcb51ee91464dc204aa7410f85f80b9d907d10d02f47967d2fed1674be7a1ce3bed9e2a44f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Swim

Filesize
82KB

MD5
9521a6ed765de4056b42ba74d976a2b6

SHA1
cc81943cdebd774207aeef94b5064c21a7592e82

SHA256
7c3f3eb4b4202cc427df3f85c34afea49f80a81d37381f1098936d465a2bae08

SHA512
6a9f87f6da06437119a62b662beaefcdd81598d700bd267e47ee667c990def772fecdc75245d5309709bb0b244f0e0a054d54e0d83373c1ddbb21c04d3415221

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Urgent

Filesize
80KB

MD5
1f46f569ded7ea86f7740866be46c433

SHA1
91c95c24ece3ef5904d7677e98a88c8a1d6fd2c7

SHA256
d312f4e7b7250c4d841e725ee508ce0e9d98c921b5c0c648824b95b11596d3d0

SHA512
648886f175f1cf0ebb829813491a6f983886edb7228cff399669de7f2181ba94cfc3505d89aa12f1e7d5cacc6feb2f13e03ea4ba08ea0c0019756c09635ccf7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Waves

Filesize
121KB

MD5
66772c2cfd61f5b359dd2bae7236def4

SHA1
ea05e553c017c9e4d55a3f1c10492ae9b9335630

SHA256
6a18be1228538139ea7155f799180bdf72d2459a1de7fd78a36129a59150fa27

SHA512
329408838b050e5374910e59a82d1d575a0ac0a5000ecb9b42a51f267ba519be8b8519117e46822abb14be162e85e3e16e614a18671dce81dfba172c75a4b5f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Weighted

Filesize
477KB

MD5
4df82bce51389734e50756afc36ae231

SHA1
e20e0819449bf7f6a61dd5571cc537af976ff76c

SHA256
c56f1cb4b1ed025f4f28ad06845588ba67177e58ccccd2542a548c656d5d7568

SHA512
c2d5f48b6075109d14394e97ef3fffebfdbd83720bd9ae968a9de91a18f65b894c2d2aa9bf6687727d1eb5c238aa77a08412a1e2805b1c48bcc132a32069c505

Download Submit
memory/5000-70-0x0000000004BF0000-0x0000000004C47000-memory.dmp

Filesize
348KB

Download
memory/5000-71-0x0000000004BF0000-0x0000000004C47000-memory.dmp

Filesize
348KB

Download
memory/5000-72-0x0000000004BF0000-0x0000000004C47000-memory.dmp

Filesize
348KB

Download
memory/5000-74-0x0000000004BF0000-0x0000000004C47000-memory.dmp

Filesize
348KB

Download
memory/5000-73-0x0000000004BF0000-0x0000000004C47000-memory.dmp

Filesize
348KB

Download