lumma | aba80a73b34a6fee80168217a4642f618aadd7f97803bb57242025068da3ce7b

Analysis

max time kernel
93s
max time network
135s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10-01-2025 10:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

appFile.exe
Size

36.2MB
MD5

8e9470197062cc090f733b985f2de5d4
SHA1

d99fa5c8ee7edb80ffcdf6e777b43e08d5456103
SHA256

aba80a73b34a6fee80168217a4642f618aadd7f97803bb57242025068da3ce7b
SHA512

1e5ea1524f94b28dc5677b234d16d10df5e66396d0a82b512267fc8a966cf7b757b3e2a3f6b03cecd7f0ad9962580b4588e602f4e342467341923bbb70ccc8ce
SSDEEP

393216:UYOpceiJ1z1bAISY9rMTlSd7JZnNXjFexpRWWy8ElyftIusM2yIdc11Av/NElH4u:wcegRb3gsXNG118ptLwClC

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://robinsharez.shop/api

https://handscreamny.shop/api

https://chipdonkeruz.shop/api

https://versersleep.shop/api

https://crowdwarek.shop/api

https://apporholis.shop/api

https://femalsabler.shop/api

https://soundtappysk.shop/api

https://breathauthorit.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	appFile.exe

Executes dropped EXE 1 IoCs

pid	Process
1756	Gui.com

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
1520	tasklist.exe
4940	tasklist.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\MedicationsCt	appFile.exe
File opened for modification	C:\Windows\DetectiveHotels	appFile.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gui.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appFile.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1756	Gui.com
1756	Gui.com
1756	Gui.com
1756	Gui.com
1756	Gui.com
1756	Gui.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1520	tasklist.exe
Token: SeDebugPrivilege	4940	tasklist.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1756	Gui.com
1756	Gui.com
1756	Gui.com

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1756	Gui.com
1756	Gui.com
1756	Gui.com

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 2428 wrote to memory of 3708	2428	appFile.exe	82
PID 2428 wrote to memory of 3708	2428	appFile.exe	82
PID 2428 wrote to memory of 3708	2428	appFile.exe	82
PID 3708 wrote to memory of 1520	3708	cmd.exe	86
PID 3708 wrote to memory of 1520	3708	cmd.exe	86
PID 3708 wrote to memory of 1520	3708	cmd.exe	86
PID 3708 wrote to memory of 400	3708	cmd.exe	87
PID 3708 wrote to memory of 400	3708	cmd.exe	87
PID 3708 wrote to memory of 400	3708	cmd.exe	87
PID 3708 wrote to memory of 4940	3708	cmd.exe	90
PID 3708 wrote to memory of 4940	3708	cmd.exe	90
PID 3708 wrote to memory of 4940	3708	cmd.exe	90
PID 3708 wrote to memory of 2440	3708	cmd.exe	91
PID 3708 wrote to memory of 2440	3708	cmd.exe	91
PID 3708 wrote to memory of 2440	3708	cmd.exe	91
PID 3708 wrote to memory of 4916	3708	cmd.exe	92
PID 3708 wrote to memory of 4916	3708	cmd.exe	92
PID 3708 wrote to memory of 4916	3708	cmd.exe	92
PID 3708 wrote to memory of 464	3708	cmd.exe	93
PID 3708 wrote to memory of 464	3708	cmd.exe	93
PID 3708 wrote to memory of 464	3708	cmd.exe	93
PID 3708 wrote to memory of 3112	3708	cmd.exe	94
PID 3708 wrote to memory of 3112	3708	cmd.exe	94
PID 3708 wrote to memory of 3112	3708	cmd.exe	94
PID 3708 wrote to memory of 1824	3708	cmd.exe	95
PID 3708 wrote to memory of 1824	3708	cmd.exe	95
PID 3708 wrote to memory of 1824	3708	cmd.exe	95
PID 3708 wrote to memory of 3012	3708	cmd.exe	96
PID 3708 wrote to memory of 3012	3708	cmd.exe	96
PID 3708 wrote to memory of 3012	3708	cmd.exe	96
PID 3708 wrote to memory of 1756	3708	cmd.exe	97
PID 3708 wrote to memory of 1756	3708	cmd.exe	97
PID 3708 wrote to memory of 1756	3708	cmd.exe	97
PID 3708 wrote to memory of 2240	3708	cmd.exe	98
PID 3708 wrote to memory of 2240	3708	cmd.exe	98
PID 3708 wrote to memory of 2240	3708	cmd.exe	98

C:\Users\Admin\AppData\Local\Temp\appFile.exe
"C:\Users\Admin\AppData\Local\Temp\appFile.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2428
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c move Ips Ips.cmd & Ips.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3708
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:1520
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:400
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:4940
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2440
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 473587
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4916
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Metallic
    3⤵
    - System Location Discovery: System Language Discovery
    PID:464
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "BELIZE" Perception
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3112
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 473587\Gui.com + Contributions + Wa + Indonesian + Debut + Shareware + Jd + Membrane + Continent + Sailing 473587\Gui.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1824
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Fruit + ..\Scottish + ..\Encoding + ..\Clean + ..\Civil + ..\Documentation + ..\Activation M
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3012
- - C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\473587\Gui.com
    Gui.com M
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1756
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2240

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\473587\Gui.com

Filesize
1KB

MD5
1e7f587d17149bad29984b5f64128997

SHA1
6851cc36db35e53989586d2224e8a04e69bdadf4

SHA256
3742dfed09907f37be868768d50806bff0371887cdaaaab8e4b3f07d2b1c1cf5

SHA512
fda5d5d4ff3f1ce0c6299a0af8e91d4337677369c746dbc4faed2a1a70b1f13c33446bc4b129ee9082ce121debbb88e6200796779cbe88bba41514a78caf6ec9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\473587\Gui.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\473587\M

Filesize
482KB

MD5
b7d353f03fff3c5542e4efc9720349c4

SHA1
2f6b045ece9d377097f65f5bc83b82819e42648e

SHA256
597a83a68eb6977c1bbc4307e35939d1287da1dc79d7800fce7485bc8a00add1

SHA512
8dc1192a64e0170a39cb9bbc1b7e3e06caa9dd8bc39eaf550a07ba5d0b482be0ea79bb967929f93a8e9f13b6f78eb16243b01159f3af3f70ad3195c66eae7ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Activation

Filesize
68KB

MD5
418a3987063563ade43eb93166fd252f

SHA1
44f0924bcfeef8f9aed231c4419791de1edf3440

SHA256
e6381b1ffde5768e5eb3cdb56dc8cdd0222252632812bf0e9017bc45b4fc6b59

SHA512
23a600137d5b4b71f2916e879997da3919724cdd9a31dd1e93bf14ccbd1776f2473156c45a3d6b3912e0ef0c71e8aa9ec08d1bd63c10b9554b2a7820b83eac8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Civil

Filesize
78KB

MD5
88328166a2ab03b661c74b7cfd2d122b

SHA1
cff3c0915cd8aa8fb7611c4adcd7575e6de7a03e

SHA256
f32e0aa35b7ead1c1f80e489aba078fcfefa335cc29d8f85a17d60bc9bf1d10c

SHA512
3f6fa37b3079f24feea28195595970e79d3978ceb0147f257735a97a9a136b3d373ec7b0ebbf63afbb9d0897590853318a73c6674babb8a6a78c65e4bce149b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Clean

Filesize
77KB

MD5
937588e2a4494e4a0f9912023fce07f6

SHA1
1cc2dc73980d79f59dcf1d15ba97474392d5ed54

SHA256
9f95f6f88724ec7bc32b16a5c97b2ad8c0d24bfd0dc0a429010ff9b0b298f8f5

SHA512
40f0ff2b03ca65d5fb99170e49e8b8f160305c521c42ddcb2b4a73879703dc34393f733494894ce0eb60b1c76057ea393e4c6660284c816efecece60b77bdfc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Continent

Filesize
129KB

MD5
f46ae2ec08211d846eef8a6d25ee6ebe

SHA1
53e108fd5b1646fa356a6c20babc25056949ad01

SHA256
d47f9a1e03327fea4a1832413331fc958d31d52f1ed2c32dac107c00149bd6a2

SHA512
eba8b3d6d32120408a08a9c7dff2405a1c040779cf686381176e48771497cad1b2da06754dd563175377a8f2446f8715543518afefe95342f2490c8c7cb6578f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Contributions

Filesize
133KB

MD5
e652fa6fe25787d5b8cfaa85f94ad965

SHA1
b87445bf8123d7e016529ed1055f486b87088440

SHA256
244691058924d3d48eb335c7fbf4ac04d7e4f6d0529d6ce0bc815b348be3a0fd

SHA512
908d36a6eb84b5ec8540de8c94f4051fef9d3e6e8f25569a02bbbb39f0a123f389dd407f824acf9e8ef12bebae0b3b4ad6e25bcf0be7f8f5f9c336117f3aa179

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Debut

Filesize
59KB

MD5
615fd1c7ca88520fcb5806be3e4bdf55

SHA1
462427f2d4a2351e3b0f863f9e23d965a91e9f30

SHA256
85700ee72ddd61a0476b7eeb65f5f13dafcecb045221943f101c5250e481a12a

SHA512
d5f5cc2c06daf53f888eae9acc83deeaa6493ece82fc95ee04ef8d550a4011b990e4f2c4a458c450ec389408072e79f2158240ce3c120150a994a8484acd5503

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Documentation

Filesize
50KB

MD5
1de34608491dc72c7f881263715bd4a5

SHA1
ee890fd73fc88e332bbc704ed9579bba5cc525ed

SHA256
9b19fdf73fc6ad05386046165af5e0721535a31bea395669e80cb4f7184e6fef

SHA512
2d44c5ea11daa2a6e89ccaf8d17e5c3796e85666da345f57e7dc2faf9f4c03e43d61afcfdb015deb54229476b49a7f99f6424f1bc99ed34a1a8442221498a7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Encoding

Filesize
68KB

MD5
7ee2d94557987dbeac1a8bf414206f63

SHA1
1b303117b31f494149647f7db110dc1fcda8a628

SHA256
a1422dc69d1537baac01678c2ef2a2cf3db3f8b0b3283af06baa71991e7ca051

SHA512
0f74fcbb25eee5a1ba8db3493cfe99a8483328e3c4dac62303c4becaa508c44d2e240a7ed581d52b2827135a44686c274568d08acee1860da7b4f4648fb4c4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Fruit

Filesize
59KB

MD5
9167a8a49dc18e63df8f7173c2da5094

SHA1
d60eebf450caeb3c3f23e15e9f82029ab63a512e

SHA256
dcc1d1f61fb4f61b18b05e45b92ba7522fe555fc2d016f58697b574fd99de2de

SHA512
8e40dc18e811b23d4cbfb37cc81ff821486eb0711ffb69bb0444adde66886e727d4c0025970c903b07c387ac2ee1448917f380aca0ecb51b91e5f42abaf13275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Indonesian

Filesize
128KB

MD5
1c97f1e7ab5f54b0d89ebde899ad008e

SHA1
21629dc6ae5c731694da40e3e597e4b8aedef7c2

SHA256
e0f4dd9362a2a639b58bed79255a553ee29f60e773c687cf0c1dba76efadb2e4

SHA512
32f6b421fe83d8a78ec354944c9e811819fd22f500be0301e610bc3a6120a37c6c3ef5c0d347a6a17c5e63d7b695710c183c20dc15e92d5229f4e9861d6a3f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Ips

Filesize
28KB

MD5
932e77f4346c15fb44476f3dc340f1be

SHA1
909c1135cfc7747be3f7631a93501bcec6ae5ca1

SHA256
76af347faaed4c3c1d3ad41f6ba88573ae236242720e6cbc0e4844dcbe656664

SHA512
7efafd9caea48d25cd38242e9acffbf486c35710577fd138d139095396bfce7ffa9d7b61be4ce38339ff2417c6164481603789ee62b3ead7a3438e62b55f5910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Jd

Filesize
103KB

MD5
a7567f196e671f96671b95bfab15fa57

SHA1
325b32994bc9002f377c7298af79eaa65fbf1519

SHA256
2408d1fbce48e5f54483f9c4c1b33a8c063f49f522268ac1fe6d6d67e8fd7bea

SHA512
5b3c4eab780b9ca0c5d2b9fc6acdc440366488d6425323563fd032a9aa464453075b633befc2a160719ee0ab0edf39a497beb8fb6c3c78e936adc9a7cc37e2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Membrane

Filesize
114KB

MD5
1e44bc506da7439e081dea2498280469

SHA1
cf9b86aa16612de8c8a9b285dd71813466cfbe36

SHA256
74b6145c337c2508753efa7af2312c4b44bda64bb061fbe57326726fac25421a

SHA512
62d79ee9823bf5f9acc096e905becde23961715cc52ee308306a07b6b83cc253e56b89dbf386a6db682a80131e6ffd5377e4f244a7be1b6b6fc1ccf4222c2217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Metallic

Filesize
476KB

MD5
e424e02d117bdbe845a8e681b6c37350

SHA1
749c78b8a0b93aafe974a151d06df4ea90583fb1

SHA256
7d6def57bbcb39b1dc0a7868c642ecf78cfc03528e64dd663252d2058a2ffc46

SHA512
c9b91731caad10fdb821002def3dc56191e560fc3236091a1695d2de33e9e0fd42b4bd772a8ddc6a4b8e7cbf85f85d5034dffdca4033a01839168e0ce243d79a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Perception

Filesize
1KB

MD5
04dadf58ac9d154c18cd8bf7937083ca

SHA1
01922a2a364767c255db35fd5c352ee2fb6d1e58

SHA256
3a053368d74fd118292b1d655d0ea422b0819bef432ecddc89c1cd5442677eb9

SHA512
3a15b6069e24a57bcd76bf9851777704b6a1317c8add7fd63174ff70e90b5b7e957f281b578526bac0a246e47684c4d60650ffab2d4d708dca4e5c780bf35ca4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Sailing

Filesize
143KB

MD5
90e084e0de9bc06db48f8c4a44968105

SHA1
8c802bf26e6c72a292ac57719ca56df884cd3e36

SHA256
b4cdb99602323867a974a3b51484f3c315f9a626b5c883efd10e0e6b0aba7a3b

SHA512
9e5b15453e2350274d55b2b4f801dfd85d2d64e3132e0554dd5c1261730eb920a665293c29080998af3097e76d930cc87c0f7d9c45f8f585532fe891805e637e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Scottish

Filesize
82KB

MD5
62c6267c11124d4bd67ef8ea7abaec49

SHA1
11fa81e4758b8310d22cb95edcf16df4ec4b4e13

SHA256
6e8f52129c2b395f1fd5a9c0138f0520c7b5ee67fe6d1c2058f6206403968927

SHA512
983263b370c12e4aef2dc3c82a661e305ccfa71114f3d365f8789dcbeccdbbd6a510bd418513ef3e823e9d9478ddc1cf4aa5c1b9952b5d06ebeedb97d08f9677

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Shareware

Filesize
59KB

MD5
4fde037e68e96389ea1b8051666671be

SHA1
0cdf6fee9191c2dbc65b90bcabd298325878451f

SHA256
5e048efa928eaea5ccf29372eaf89fb7ccb82e5269e59cc9807f181ebb0bc144

SHA512
9646d4fa08a8f6e93544af4ee4d979d937f70a47a9471b54d9e904883d6783381fce2146c86ed2bcd5a98274f21def20f756ea95f5f43f4832e23b2f65625999

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Wa

Filesize
55KB

MD5
20c2516cededf0815e04eda1597593de

SHA1
687e5ce22da4ed23cfcc45e012c9dfe2ba0a032f

SHA256
c091f708383dc2f43b5f2c5e871e4f2a4ef57f4e515d26fa7759a1b56d096ffa

SHA512
bbda2d72f823ffe1f7716b8fe32505d1d663ad26f4d71cf4a4ddca407bd2d030031611014b7fbf16b9cf4845e34613a19830b3d9c0210933171c27149ef90004

Download Submit
memory/1756-66-0x0000000004AC0000-0x0000000004B19000-memory.dmp

Filesize
356KB

Download
memory/1756-67-0x0000000004AC0000-0x0000000004B19000-memory.dmp

Filesize
356KB

Download
memory/1756-68-0x0000000004AC0000-0x0000000004B19000-memory.dmp

Filesize
356KB

Download
memory/1756-70-0x0000000004AC0000-0x0000000004B19000-memory.dmp

Filesize
356KB

Download
memory/1756-69-0x0000000004AC0000-0x0000000004B19000-memory.dmp

Filesize
356KB

Download