lumma | 09b44778b0010e8b8e5e520b4143d76ce71e46ccd74ccef70bab5dada191a4a0

Analysis

max time kernel
434s
max time network
436s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
13/01/2025, 22:23

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Newl Upd [v2.1.0].exe
Size

150.0MB
MD5

369783d982d4a7e8decbff08e563de53
SHA1

008c5a5a205097ede95634d700299534ec7d22ec
SHA256

09b44778b0010e8b8e5e520b4143d76ce71e46ccd74ccef70bab5dada191a4a0
SHA512

6fab20d2fd9b453d8ea3518d00fa8270be00e549efdd1db90fcf978b97df475cc6b97f55dfd05ce5c14cf09095ea1da55331ecf27b0df2253d9d15a1a0d3dde3
SSDEEP

24576:fGkqth6KdOsff8VS1IxCl8Qr0FWviIGLVR/4hmCt:3odVf8VS1IxCKQrztGr/Kmo

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://feerdaiks.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000\Control Panel\International\Geo\Nation	Newl Upd [v2.1.0].exe

Executes dropped EXE 1 IoCs

pid	Process
1084	Reactions.com

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
1944	tasklist.exe
2544	tasklist.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\QueensMale	Newl Upd [v2.1.0].exe
File opened for modification	C:\Windows\FeelsExpanding	Newl Upd [v2.1.0].exe
File opened for modification	C:\Windows\ConsentNightmare	Newl Upd [v2.1.0].exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Reactions.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Newl Upd [v2.1.0].exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1084	Reactions.com
1084	Reactions.com
1084	Reactions.com
1084	Reactions.com
1084	Reactions.com
1084	Reactions.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	1944	tasklist.exe
Token: SeDebugPrivilege	2544	tasklist.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1084	Reactions.com
1084	Reactions.com
1084	Reactions.com

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1084	Reactions.com
1084	Reactions.com
1084	Reactions.com

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 4796 wrote to memory of 428	4796	Newl Upd [v2.1.0].exe	83
PID 4796 wrote to memory of 428	4796	Newl Upd [v2.1.0].exe	83
PID 4796 wrote to memory of 428	4796	Newl Upd [v2.1.0].exe	83
PID 428 wrote to memory of 1944	428	cmd.exe	85
PID 428 wrote to memory of 1944	428	cmd.exe	85
PID 428 wrote to memory of 1944	428	cmd.exe	85
PID 428 wrote to memory of 5020	428	cmd.exe	86
PID 428 wrote to memory of 5020	428	cmd.exe	86
PID 428 wrote to memory of 5020	428	cmd.exe	86
PID 428 wrote to memory of 2544	428	cmd.exe	89
PID 428 wrote to memory of 2544	428	cmd.exe	89
PID 428 wrote to memory of 2544	428	cmd.exe	89
PID 428 wrote to memory of 1520	428	cmd.exe	90
PID 428 wrote to memory of 1520	428	cmd.exe	90
PID 428 wrote to memory of 1520	428	cmd.exe	90
PID 428 wrote to memory of 1368	428	cmd.exe	91
PID 428 wrote to memory of 1368	428	cmd.exe	91
PID 428 wrote to memory of 1368	428	cmd.exe	91
PID 428 wrote to memory of 2916	428	cmd.exe	92
PID 428 wrote to memory of 2916	428	cmd.exe	92
PID 428 wrote to memory of 2916	428	cmd.exe	92
PID 428 wrote to memory of 4524	428	cmd.exe	93
PID 428 wrote to memory of 4524	428	cmd.exe	93
PID 428 wrote to memory of 4524	428	cmd.exe	93
PID 428 wrote to memory of 1628	428	cmd.exe	94
PID 428 wrote to memory of 1628	428	cmd.exe	94
PID 428 wrote to memory of 1628	428	cmd.exe	94
PID 428 wrote to memory of 4800	428	cmd.exe	95
PID 428 wrote to memory of 4800	428	cmd.exe	95
PID 428 wrote to memory of 4800	428	cmd.exe	95
PID 428 wrote to memory of 1084	428	cmd.exe	96
PID 428 wrote to memory of 1084	428	cmd.exe	96
PID 428 wrote to memory of 1084	428	cmd.exe	96
PID 428 wrote to memory of 5064	428	cmd.exe	97
PID 428 wrote to memory of 5064	428	cmd.exe	97
PID 428 wrote to memory of 5064	428	cmd.exe	97

C:\Users\Admin\AppData\Local\Temp\Newl Upd [v2.1.0].exe
"C:\Users\Admin\AppData\Local\Temp\Newl Upd [v2.1.0].exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4796
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c move Bangladesh Bangladesh.cmd & Bangladesh.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:428
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:1944
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5020
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:2544
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1520
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 187161
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1368
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Legacy
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2916
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "ANCHOR" Paths
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4524
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 187161\Reactions.com + Forbidden + Cups + Mississippi + Pursuant + Aware + Chicken + Aerial + Walter + Specific + Accused 187161\Reactions.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1628
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Platinum + ..\Meters + ..\Subject + ..\Itsa + ..\Epic + ..\Ladder + ..\Appliance o
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4800
- - C:\Users\Admin\AppData\Local\Temp\187161\Reactions.com
    Reactions.com o
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:1084
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5064

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\187161\Reactions.com

Filesize
881B

MD5
b74effcade4b822657f4767cc0bb9fcc

SHA1
835f0c8cc35be906a9132ef8e5cae9a634fbb0ab

SHA256
c8ed7e8caa08418b32baa75436a7749b97057d5181acf5ecad536aca36b06e94

SHA512
9ebfaf44b6d38501004db302ca4130d9021ea6cfa4afe87f7753bed10a3777fdeb4392e152f474e4d02b9765764adb0162c5d8435673a79a7297c3c9a4478da5

Download Submit
C:\Users\Admin\AppData\Local\Temp\187161\Reactions.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Temp\187161\o

Filesize
485KB

MD5
2f02fa0aab1695150012b87dabc70fda

SHA1
33d58f3928dcfbe6b06afc4264a3e6e5dd8200f4

SHA256
81e873989ec2ad0b8cd66c897d8bc48636f195e9f2df082f14b1bf40c5f0a905

SHA512
bf5b6ae14bb6be09365aa9ba4165eb175977e14936c4c83a1ddbbe1d1f69e4c3b2442adaf7958460dfb16f06f4629d9cd0cae006b6b61d4332c4c1baaed752a1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Accused

Filesize
37KB

MD5
228768a7b8bd328ed898bbf1cc9b8bfe

SHA1
97a4bde3f7a5b14a2c503d36cb5e9969ea1c82a0

SHA256
ca03feb402131b90951113512dbd5a1e5df4c76028c107a6e63780e7a2e10bfa

SHA512
b1abfe36b714e6c1a4c9f82a73f3ded9205e9020d3519f02652892f6ba27abfd256765beacd416f2dbb90b9e1adc939e8ef203e46800a6c9accb4597ddd3b2dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\Aerial

Filesize
70KB

MD5
e4bf83cd322ac4a24950139b0ad93ebe

SHA1
9cb8186c65aad23c8a4e434497269ed906fc0a24

SHA256
993390c859cdc171d10828bc1c05a1f98f070aa4360cd76ab6053e717314aed4

SHA512
9f26f7641fe75dee7ec0b5306ed5548506c333e735d993111611e9c944199c6ce808bebcf400acace2152a0b24ab58a23a8270b29b225fc066fd44212586214d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Appliance

Filesize
41KB

MD5
023ac368f01db01c65d742b0917f56ab

SHA1
3e27c18f3b424616d1958237f156290ab6a8fde0

SHA256
63edbe68efefece34571c787d351e599107214844a76d202ec7375d82966ce0e

SHA512
656843c284827948008993d591795be28fda23b9d695e6550142f574a34985d3629b8358e5ce776448105e00cdd088d29eee8750f42986d09f6777e58ab50d1f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Aware

Filesize
134KB

MD5
6fb74b91bf9607a6dadbe39c0eeaa450

SHA1
ee703adfa09a69d1462dadba6e506fc431b583b0

SHA256
0d8f47d5cc2df23c9d38b7a206384e4d26a1a5b93d1aaaa99f5f45c6b48d2543

SHA512
7c7272005c5f82137add2e31380c9ff715ee29a2fcfdb06cd5945366a5ab82455a53ee95a494cfe6d5edcf83a12085b968f67513f297693cb9df9a2dc58951d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Bangladesh

Filesize
20KB

MD5
56ec4b6975a51b6d74a8df3db9253097

SHA1
8092b5114a1f3707533e7558877cb3ec6fe0c484

SHA256
453de06461073aec00bedea1bcc773bf78e81d14c8b67e44b001a8339483ac75

SHA512
315f579ff3637b158cd2e700294d7a3bc9e40f0aaa5d088813a3947828511e897fd336bdccd3252e5c461e0bb32b7b75e4d07535d98f4a7bc457b1c62faddf6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Chicken

Filesize
122KB

MD5
488c9b74736c6a8b9f66f37fc3555303

SHA1
b3315d2df3d9f349c986ff985c7907e7f50042a2

SHA256
4b3e2cf77175abc23d4f25933096f373e1cf946edab13754d2ba7c45c0962b46

SHA512
c616aea288a0a27d356243ca0b45d7e759b25e33444ed3e3f1a99194a3957f4df35765fffb1d7d2f7b7791b62d0319068c8dfc0048d45c2d22b1a912c4398889

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cups

Filesize
98KB

MD5
26da0966f73a771cc719b5da55d8e282

SHA1
187f710aa415c980b4b286aba0d6be4c7e72597c

SHA256
bc42ca005b6228a306cdb44444b9b148d3b63c11df4680dfe363f8acda347dc9

SHA512
42e2b4c2d3b2f183e1f2d3f08569e017a93b33ef9712d4f06a3c41826d9bc0b5e9c7dbc764d21e92aa328742f5744f253b60c1c832bf71e1fd0c470ead8c1e88

Download Submit
C:\Users\Admin\AppData\Local\Temp\Epic

Filesize
83KB

MD5
51533683c8663758b43a0efe12a1cce6

SHA1
67c0b7136f5628c5092e270b33af1154be93cb26

SHA256
87478834f4fc6c92e00ca98aa2292fdfc75b2c85c6dc095249eda7eb91f6c900

SHA512
c9bf08556effe6198b4875ab79193fba6f300508dd1f5a8b06243538fb8c1fdd32c2e3b504a9c9f1fbc58f777c24aa07d1522ae0db9e377eb2b4e607821c6da5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Forbidden

Filesize
76KB

MD5
d042512855e54c4a4107f6ba04cb25d1

SHA1
09a3073b9bc4a11f9a0e33c2afa7672da3febf97

SHA256
8468c7c693b615a2861705f737e4c8b5a6e763b7301fa577e98ed6bb58e69637

SHA512
20f46d0b4571754635f265fb71bf2a3c00e2b2f9ee66d9ba69780bfcb53f2abb4722acdf5437918c92e88c7e30833d94d8485680c80b8b8f57abe0bb19d5461a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Itsa

Filesize
95KB

MD5
7e7616500a1f0f2a91af2d06b965be53

SHA1
f9a1067c6da9779fc81ab39cd3f9b96b7882a3d2

SHA256
ff696e7a922010d0d78ce1e52f12934f0c39d083b10880778af19af6a4000507

SHA512
de892cf8f4689ba5e9d819659e4ab44bef06ed96cf389de503953a0a1eb63a2350dd540d00c3bfe8326353287f91a91e089b78e3a06b8d6567804d6ea2755266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Ladder

Filesize
80KB

MD5
444d2dabef631158831d4360a26ae257

SHA1
c49b7ed1749c1fd40b49df928b1c7b4f70d01f0d

SHA256
800c3a24df3c8c7d3bab322f67f39ad3124b182ebc6b2eba466a8ee0ee91869e

SHA512
be08cb3254352b251e963e3eb0f17de26f9dc2e74c15ff390202ffe3fc3585af2535eb1d80e6d0d46fb999ba630198de945023a9bc0f374d6fb0b0dc094c9846

Download Submit
C:\Users\Admin\AppData\Local\Temp\Legacy

Filesize
477KB

MD5
1a13c9889c375c6556793a844315109c

SHA1
55318a0fea414aa0dec014e12597f468eb8ed2a9

SHA256
1e025c074949f978c8b3ff1bc26c2493979adc1b4b053ba74fd47c3efb5a2ee4

SHA512
045da1140d6f67db8c54e40d6157ba35057a4903fcd1a6c490c9ac1887cc82cf0520a6674a4fd55087a8af34c397a284499a99f13fd87fa45f284fa5c19ed2a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Meters

Filesize
65KB

MD5
a01837776c93311ea406f4a4a99cec4e

SHA1
2f2bb13ff4cb3e66c66fba8b511954005000f322

SHA256
426074372e2e05d2b9a3e2b2a669ce1d1b2d540973f6a1b5e81449b035de3b52

SHA512
21461a6b33d658926f81862e33e4957d958a57e21ee314c3791da42b4ec8a28084195dd3d7efe64b8be763084b7141a7d5f9cac22887a3cd0a8e01905edb9e83

Download Submit
C:\Users\Admin\AppData\Local\Temp\Mississippi

Filesize
138KB

MD5
ab3729b86daf2748d0fb777bb1e5f452

SHA1
badffe9f562b3d859f114019bcd264c83c667284

SHA256
60f820599e3e914e00499c97c013c9b092e8d43efa000070c5be937811951f09

SHA512
683b408266062071565bd16fb07d203e8befcff951c2f1b87c099cd438076ec6274c8b6a4fde8591e3b7876be8256ea2766c4fd4cf9a8b60dd7309ecf9415823

Download Submit
C:\Users\Admin\AppData\Local\Temp\Paths

Filesize
887B

MD5
466b9525929a7f86cebd8a23c52b510f

SHA1
5c43faf92c089e42de80f8ff85b262458b6b70e7

SHA256
375014cf6cad6dc572b7301bf1861ba4ccef6864f0c2b5952ea3eadfe631f0ba

SHA512
7f9641e619d8d30bcc22d35e62d49e64934c5a88f46a59d60f761e8f4b04c67e85c6cbcb3d371368cf1f4486dd7e0944af7f579f5f976d679efc62b12d585963

Download Submit
C:\Users\Admin\AppData\Local\Temp\Platinum

Filesize
59KB

MD5
119c4b2a3e15724c39e3b4dbfb4f95ba

SHA1
e29cbe007cacfba7164a76e2e2f4451c2773d071

SHA256
83d199b11c5443e923469f2b2bcdef42b9b6703a8b330509b3da89525f65e64f

SHA512
2207d6495b2394184f1ca7002caa7ddf27f10cae5bfc8d6b96b966517410527db2d6eec3b08468bfad0af37aed6dd01006bfc6dfbc08a54e4da0fd573e3a3acd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Pursuant

Filesize
51KB

MD5
248c40f4aafa4b6d102bf703c2ce50d5

SHA1
47b81bcdc853820f713f7855e3e70af8f42e8914

SHA256
e714ae0e048751ea1ac0bcaa56b438d0e187bd025be27c5784d8169255919d68

SHA512
cfd6cf2fabec0f3ce294e140b25ab84d2172b44e3cb089e524cb777bbbd80942eb35ed14bb4ea4b4bd2b3d2a42bed1354154d1e1aff49cd462d7b5f0ee3a1ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Specific

Filesize
111KB

MD5
311f240ea459ddcd28554c18eafeaef3

SHA1
c592463dedeab0229ca9865055ff1bd05c16e05a

SHA256
4b7efbf5b8175447e05876a032a6c516732cdc27e8c2539d220a25891921851b

SHA512
755e1861206af2c51548b06f1f7774b74bb52ac53ea38f981616b278ce30a82fc948e3dc5d41c94cb0dd9f331490593a804b3694f81684cd8d11d89bccd8f103

Download Submit
C:\Users\Admin\AppData\Local\Temp\Subject

Filesize
62KB

MD5
2d703f9ff135b5aeb91490c5990e9d0c

SHA1
6ee59c8439c845de06c2e56eefcc8f0ccf95ac75

SHA256
b5bf36c415b60bb6f585c4186a6b56bba500e467edc0b3042c60de88897965df

SHA512
439531e6df9c676b4607305f72e274abb5eb9258fa62ba950a8adcf418faf27f4453f005b198278695b18e0956bc3d46ba53f8cb3ab6c4c9f78bdd4b79bf0cdf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Walter

Filesize
87KB

MD5
1b5fb23ff232ad357d8065db3777be60

SHA1
be9f4a15bbcfbac76f79c995b2ce11ebcd13fe9b

SHA256
0664246a28055b1880eb010d0b061c238e8d201441504cfc670d68733f69fc41

SHA512
68250986112538945a42bea2a34ea22aacc80798f2762fb52e6432bb22e1eb5734b092ef7921ff2cf4a00f2a5147c3c518cfd34adb47141f6a24a667f9d533bc

Download Submit
memory/1084-70-0x0000000000180000-0x00000000001D8000-memory.dmp

Filesize
352KB

Download
memory/1084-72-0x0000000000180000-0x00000000001D8000-memory.dmp

Filesize
352KB

Download
memory/1084-71-0x0000000000180000-0x00000000001D8000-memory.dmp

Filesize
352KB

Download
memory/1084-73-0x0000000000180000-0x00000000001D8000-memory.dmp

Filesize
352KB

Download
memory/1084-74-0x0000000000180000-0x00000000001D8000-memory.dmp

Filesize
352KB

Download