lumma | 3e50b308a6366677b3fed9579f8f13dc721ae30b1534591c0ce5e083c1923a9f

Analysis

max time kernel
92s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14/01/2025, 19:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Upd_156_983_15.msi
Size

1.3MB
MD5

0cd2b95df897bd2037edff092699e169
SHA1

18c5d3394d9260c2641e06a58847b7a2818b8174
SHA256

3e50b308a6366677b3fed9579f8f13dc721ae30b1534591c0ce5e083c1923a9f
SHA512

b3015d2beb30d841f0fc1a46baf7b56664c23e10538b519b791d9cc9fc86602811d52eb328c3d7e0832d5dece0019e01985e0e97a63037217574e475f93c95b1
SSDEEP

24576:3z+Xe8tCex83Si8UCROEYG3VKcoBR9RXawxz6X3pvtL7rPVU6fB6bAogJQOVe:3D8tCq83KFROEUcoBRqwxMpvt/rPVRB8

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

https://handlequarte.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Blocklisted process makes network request 11 IoCs

flow	pid	Process
32	3700	cmd.exe
34	3700	cmd.exe
36	3700	cmd.exe
38	3700	cmd.exe
43	3700	cmd.exe
45	3700	cmd.exe
49	3700	cmd.exe
51	3700	cmd.exe
53	3700	cmd.exe
58	3700	cmd.exe
60	3700	cmd.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4728 set thread context of 3700	4728	steamerrorreporter64.exe	96

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{DB7E8471-4385-4714-B244-49F7CB3EE477}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIEFAF.tmp	msiexec.exe
File created	C:\Windows\Installer\e57ef15.msi	msiexec.exe
File created	C:\Windows\Installer\e57ef13.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57ef13.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe

Executes dropped EXE 2 IoCs

pid	Process
3136	steamerrorreporter64.exe
4728	steamerrorreporter64.exe

Loads dropped DLL 4 IoCs

pid	Process
3136	steamerrorreporter64.exe
3136	steamerrorreporter64.exe
4728	steamerrorreporter64.exe
4728	steamerrorreporter64.exe

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
3292	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000009fc5eef0dbaffe7c0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800009fc5eef00000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809009fc5eef0000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d9fc5eef0000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000009fc5eef000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
3972	msiexec.exe
3972	msiexec.exe
3136	steamerrorreporter64.exe
4728	steamerrorreporter64.exe
4728	steamerrorreporter64.exe
3700	cmd.exe
3700	cmd.exe

Suspicious behavior: MapViewOfSection 1 IoCs

pid	Process
4728	steamerrorreporter64.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3292	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3292	msiexec.exe
Token: SeSecurityPrivilege	3972	msiexec.exe
Token: SeCreateTokenPrivilege	3292	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3292	msiexec.exe
Token: SeLockMemoryPrivilege	3292	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3292	msiexec.exe
Token: SeMachineAccountPrivilege	3292	msiexec.exe
Token: SeTcbPrivilege	3292	msiexec.exe
Token: SeSecurityPrivilege	3292	msiexec.exe
Token: SeTakeOwnershipPrivilege	3292	msiexec.exe
Token: SeLoadDriverPrivilege	3292	msiexec.exe
Token: SeSystemProfilePrivilege	3292	msiexec.exe
Token: SeSystemtimePrivilege	3292	msiexec.exe
Token: SeProfSingleProcessPrivilege	3292	msiexec.exe
Token: SeIncBasePriorityPrivilege	3292	msiexec.exe
Token: SeCreatePagefilePrivilege	3292	msiexec.exe
Token: SeCreatePermanentPrivilege	3292	msiexec.exe
Token: SeBackupPrivilege	3292	msiexec.exe
Token: SeRestorePrivilege	3292	msiexec.exe
Token: SeShutdownPrivilege	3292	msiexec.exe
Token: SeDebugPrivilege	3292	msiexec.exe
Token: SeAuditPrivilege	3292	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3292	msiexec.exe
Token: SeChangeNotifyPrivilege	3292	msiexec.exe
Token: SeRemoteShutdownPrivilege	3292	msiexec.exe
Token: SeUndockPrivilege	3292	msiexec.exe
Token: SeSyncAgentPrivilege	3292	msiexec.exe
Token: SeEnableDelegationPrivilege	3292	msiexec.exe
Token: SeManageVolumePrivilege	3292	msiexec.exe
Token: SeImpersonatePrivilege	3292	msiexec.exe
Token: SeCreateGlobalPrivilege	3292	msiexec.exe
Token: SeBackupPrivilege	3816	vssvc.exe
Token: SeRestorePrivilege	3816	vssvc.exe
Token: SeAuditPrivilege	3816	vssvc.exe
Token: SeBackupPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
3292	msiexec.exe
3292	msiexec.exe

Suspicious use of WriteProcessMemory 10 IoCs

description	pid	Process	procid_target
PID 3972 wrote to memory of 3240	3972	msiexec.exe	92
PID 3972 wrote to memory of 3240	3972	msiexec.exe	92
PID 3972 wrote to memory of 3136	3972	msiexec.exe	94
PID 3972 wrote to memory of 3136	3972	msiexec.exe	94
PID 3136 wrote to memory of 4728	3136	steamerrorreporter64.exe	95
PID 3136 wrote to memory of 4728	3136	steamerrorreporter64.exe	95
PID 4728 wrote to memory of 3700	4728	steamerrorreporter64.exe	96
PID 4728 wrote to memory of 3700	4728	steamerrorreporter64.exe	96
PID 4728 wrote to memory of 3700	4728	steamerrorreporter64.exe	96
PID 4728 wrote to memory of 3700	4728	steamerrorreporter64.exe	96

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Upd_156_983_15.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3292

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3972
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:3240
- C:\Users\Admin\AppData\Local\Temp\Arrivisme\steamerrorreporter64.exe
  "C:\Users\Admin\AppData\Local\Temp\Arrivisme\steamerrorreporter64.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3136
- - C:\Users\Admin\AppData\Roaming\FMNbg\steamerrorreporter64.exe
    C:\Users\Admin\AppData\Roaming\FMNbg\steamerrorreporter64.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    PID:4728
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      4⤵
      Blocklisted process makes network request
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:3700

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57ef14.rbs

Filesize
8KB

MD5
6ace5ee0ed043b2ff26c4fcf33d2b012

SHA1
1ac26f2f4cd121b757ca1994a8530c952aeaef57

SHA256
b5e46303e93b4e3bf20ed94b0eb4a2d4afb4ef7617272d2e222a00babcc5b3ab

SHA512
4e2c4f4750d96bdc658870d64e9ab23bb710561195bff6de13bd92aec3b805e1c8d31f9121eff0ff25a498915ccee9014709fcdd7d3d43e5c61f07aa7fa36eb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Arrivisme\archiepiscopacy.yaml

Filesize
815KB

MD5
47d369b338e13d5e243544b3c5425d7a

SHA1
2ab78d40a4c4982175aea3c2d1bd0332ceb8c241

SHA256
21d3db6c03ddf05e5eec27b047e33de15b0164d79d35acbc0527b44d71515147

SHA512
af992af7479139dc5e60f08b3df6fbc6d42e319b446db5352a1fcb6f5334acafb9681f85d75a4f9070fe6b4fcd9530784433934daffe26ea6b137cef96013ab4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Arrivisme\bobble.txt

Filesize
44KB

MD5
85190373e9b50a5908774e73c2071f78

SHA1
385f1def7007914c5a7a1d9c0354e326af4540cc

SHA256
56e1e2e1ce9c132f17ff26edcf79da628da2ea94b1e470cadebf23f140f0a3c0

SHA512
fd240d3d1b49abb10e26906a7c27b5eda969745cd8f311a9c1f9c914a58a290498f5e01af96dc662fd666fa388bd7be95827a61c190f5b07c020f0b04bdc0996

Download Submit
C:\Users\Admin\AppData\Local\Temp\Arrivisme\steamerrorreporter64.exe

Filesize
641KB

MD5
d21dbb34dfab75a0bd4b6d097d716f06

SHA1
fd298b1a939fc87f989ca0809fe5b3f284b7fe19

SHA256
c8ee8c33a35fbb2eb7aac8bb4eb31c94a8cc3fab11aa5580391667c21f5ead3f

SHA512
515ba560964d0b68c46b4b6a285c29e4acf79842ebf632127900cafcd59248a55a93515937600be29490e5677323632f73dd91e2830e95ab1dd6ed71477397e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Arrivisme\tier0_s64.dll

Filesize
394KB

MD5
f0be921a6ec41e5622da1b5fc1cefedf

SHA1
ffbb7f95015a16731cc0a89ccce844a35cdd0f2e

SHA256
366f2728eee842fa56dc03e848199642cdc0eda0b2e156fe941b056e8b5a2b73

SHA512
54afd7c740ff21a527c70922b94d8176eff7d8a9cce702091df0f7f0d168dc09db0a6e11d3985e3342959676d8209acd7600eb7bdb7007baa9044831f149070c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Arrivisme\vstdlib_s64.dll

Filesize
681KB

MD5
a395dbffcd50ce79c74c67944ec9a022

SHA1
f757fc586be9d450fda9b3a7fcc57e935c1905ba

SHA256
516dfce788eca1dac99fdbf3783ad3d59a5e3dbd97d611bcea41b1c4a3cda005

SHA512
c7e01d56509d0e2df41942e516ea4c95cbbb0fa677ce8a95c3a05a027eb1b625f6206b408570ed27cff0e42dad29b061132133429adb514c864acad61cb01762

Download Submit
C:\Users\Admin\AppData\Local\Temp\a7cc3f57

Filesize
1.0MB

MD5
c3f9937220ea74e8f393614190b5f71d

SHA1
8bae4f173d09fd5eb50a43b17820066ff11040f6

SHA256
02b0e7353431b253cc0911baeeb02f1b0f50cb428559b063eae2b5320d7ad8e9

SHA512
3fb8cd30c72ef407fd960b2b643ceac96f0c3f1806f7c24f0663a5080fa19328138b55bac0f3becedf5272e5ee2402f069fe937588991edb73bab20f306ed0d8

Download Submit
C:\Windows\Installer\e57ef13.msi

Filesize
1.3MB

MD5
0cd2b95df897bd2037edff092699e169

SHA1
18c5d3394d9260c2641e06a58847b7a2818b8174

SHA256
3e50b308a6366677b3fed9579f8f13dc721ae30b1534591c0ce5e083c1923a9f

SHA512
b3015d2beb30d841f0fc1a46baf7b56664c23e10538b519b791d9cc9fc86602811d52eb328c3d7e0832d5dece0019e01985e0e97a63037217574e475f93c95b1

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
2a97138973cdc9781b5bcb7c66ec69a9

SHA1
d2620ab4c96ba75627c15cb6e7c7e5982f0b767f

SHA256
34d3e72d3dd471014f4cac0cba9ee0e7dad960069cd1aa9816dd85645c753e0e

SHA512
8b4703eb1c625acd5dbbc519add76f6c904e4f2ad6b8bcea5c27df8afccdb3b8ea851c65bba9e5e2bde11f0e40078830d4474330d44e00d48b66dcc53d433f73

Download Submit
\??\Volume{f0eec59f-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{b1842e14-5124-4678-a7f7-698ac86852ce}_OnDiskSnapshotProp

Filesize
6KB

MD5
dc3c500ac6777d91e70dc253af608528

SHA1
9de18df81f3e2037d43a3a1fc76dcb18b2fc77bb

SHA256
3c3914199f506692621f95bcd0f2bde28b843ffe73602c1354db8293de986ec6

SHA512
b20d1b33bfc4033d3893083a54584988a0f49505b80abc4fbd43d65a261bd149205048fa4434e79ddde738a37d6ab685e27c24d8e875be192a15089eae4cfae6

Download Submit
memory/3136-34-0x00007FFFD0A60000-0x00007FFFD0BD2000-memory.dmp

Filesize
1.4MB

Download
memory/3700-55-0x00007FFFF01F0000-0x00007FFFF03E5000-memory.dmp

Filesize
2.0MB

Download
memory/3700-59-0x00000000756A0000-0x000000007581B000-memory.dmp

Filesize
1.5MB

Download
memory/3700-56-0x0000000074440000-0x0000000075694000-memory.dmp

Filesize
18.3MB

Download
memory/3700-60-0x0000000074440000-0x0000000075694000-memory.dmp

Filesize
18.3MB

Download
memory/4728-51-0x00007FFFD0C00000-0x00007FFFD0D72000-memory.dmp

Filesize
1.4MB

Download
memory/4728-52-0x00007FFFD0C00000-0x00007FFFD0D72000-memory.dmp

Filesize
1.4MB

Download