lumma | 3a9369aefe2a1212ca0bfadc0925d0149caf6436d1d9934e35c976fc9194a344

Analysis

max time kernel
94s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2025 21:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Browser_128_344_166.msi
Size

1.2MB
MD5

6265ad87754194af5bbd40aada2930a9
SHA1

211b19af5e77f153f431ac223b9c22e8a5275ae9
SHA256

3a9369aefe2a1212ca0bfadc0925d0149caf6436d1d9934e35c976fc9194a344
SHA512

fe16f9d906996db99c55ed815fbe5c3be722c49a1a916a89c71c46a7fd2b7c40f2dadabe54a7dfe38a78a85d2115dd34c276f881c910a8cd1505090a2db3779e
SSDEEP

24576:y/QsaepAxRKUMbZHkw92S1SBcKLmv47n4pQixafg9WPo7:BsTpAxrYMpmK41Mfg9N

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

https://handlequarte.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2544 set thread context of 4600	2544	steamerrorreporter.exe	93

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\Installer\SourceHash{1B0AFDE1-E780-4315-9F34-1F0901483490}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIDBD9.tmp	msiexec.exe
File created	C:\Windows\Installer\e57db10.msi	msiexec.exe
File created	C:\Windows\Installer\e57db0e.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e57db0e.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe

Executes dropped EXE 2 IoCs

pid	Process
4724	steamerrorreporter.exe
2544	steamerrorreporter.exe

Loads dropped DLL 4 IoCs

pid	Process
4724	steamerrorreporter.exe
4724	steamerrorreporter.exe
2544	steamerrorreporter.exe
2544	steamerrorreporter.exe

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
1356	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 00000000040000001397c7f967de25740000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff0000000027010100000800001397c7f90000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff0000000007000100006809001397c7f9000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1d1397c7f9000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000001397c7f900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
5076	msiexec.exe
5076	msiexec.exe
4724	steamerrorreporter.exe
2544	steamerrorreporter.exe
2544	steamerrorreporter.exe
4600	cmd.exe
4600	cmd.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
2544	steamerrorreporter.exe
4600	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1356	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1356	msiexec.exe
Token: SeSecurityPrivilege	5076	msiexec.exe
Token: SeCreateTokenPrivilege	1356	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	1356	msiexec.exe
Token: SeLockMemoryPrivilege	1356	msiexec.exe
Token: SeIncreaseQuotaPrivilege	1356	msiexec.exe
Token: SeMachineAccountPrivilege	1356	msiexec.exe
Token: SeTcbPrivilege	1356	msiexec.exe
Token: SeSecurityPrivilege	1356	msiexec.exe
Token: SeTakeOwnershipPrivilege	1356	msiexec.exe
Token: SeLoadDriverPrivilege	1356	msiexec.exe
Token: SeSystemProfilePrivilege	1356	msiexec.exe
Token: SeSystemtimePrivilege	1356	msiexec.exe
Token: SeProfSingleProcessPrivilege	1356	msiexec.exe
Token: SeIncBasePriorityPrivilege	1356	msiexec.exe
Token: SeCreatePagefilePrivilege	1356	msiexec.exe
Token: SeCreatePermanentPrivilege	1356	msiexec.exe
Token: SeBackupPrivilege	1356	msiexec.exe
Token: SeRestorePrivilege	1356	msiexec.exe
Token: SeShutdownPrivilege	1356	msiexec.exe
Token: SeDebugPrivilege	1356	msiexec.exe
Token: SeAuditPrivilege	1356	msiexec.exe
Token: SeSystemEnvironmentPrivilege	1356	msiexec.exe
Token: SeChangeNotifyPrivilege	1356	msiexec.exe
Token: SeRemoteShutdownPrivilege	1356	msiexec.exe
Token: SeUndockPrivilege	1356	msiexec.exe
Token: SeSyncAgentPrivilege	1356	msiexec.exe
Token: SeEnableDelegationPrivilege	1356	msiexec.exe
Token: SeManageVolumePrivilege	1356	msiexec.exe
Token: SeImpersonatePrivilege	1356	msiexec.exe
Token: SeCreateGlobalPrivilege	1356	msiexec.exe
Token: SeBackupPrivilege	3496	vssvc.exe
Token: SeRestorePrivilege	3496	vssvc.exe
Token: SeAuditPrivilege	3496	vssvc.exe
Token: SeBackupPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe
Token: SeTakeOwnershipPrivilege	5076	msiexec.exe
Token: SeRestorePrivilege	5076	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
1356	msiexec.exe
1356	msiexec.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 5076 wrote to memory of 2316	5076	msiexec.exe	87
PID 5076 wrote to memory of 2316	5076	msiexec.exe	87
PID 5076 wrote to memory of 4724	5076	msiexec.exe	89
PID 5076 wrote to memory of 4724	5076	msiexec.exe	89
PID 5076 wrote to memory of 4724	5076	msiexec.exe	89
PID 4724 wrote to memory of 2544	4724	steamerrorreporter.exe	92
PID 4724 wrote to memory of 2544	4724	steamerrorreporter.exe	92
PID 4724 wrote to memory of 2544	4724	steamerrorreporter.exe	92
PID 2544 wrote to memory of 4600	2544	steamerrorreporter.exe	93
PID 2544 wrote to memory of 4600	2544	steamerrorreporter.exe	93
PID 2544 wrote to memory of 4600	2544	steamerrorreporter.exe	93
PID 2544 wrote to memory of 4600	2544	steamerrorreporter.exe	93
PID 4600 wrote to memory of 4012	4600	cmd.exe	102
PID 4600 wrote to memory of 4012	4600	cmd.exe	102
PID 4600 wrote to memory of 4012	4600	cmd.exe	102
PID 4600 wrote to memory of 4012	4600	cmd.exe	102

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Browser_128_344_166.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1356

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:5076
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:2316
- C:\Users\Admin\AppData\Local\Pulu\steamerrorreporter.exe
  "C:\Users\Admin\AppData\Local\Pulu\steamerrorreporter.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:4724
- - C:\Users\Admin\AppData\Roaming\protectwriter\steamerrorreporter.exe
    C:\Users\Admin\AppData\Roaming\protectwriter\steamerrorreporter.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    PID:2544
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of WriteProcessMemory
      PID:4600
    - - C:\Windows\SysWOW64\explorer.exe
        
        C:\Windows\SysWOW64\explorer.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:4012

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57db0f.rbs

Filesize
8KB

MD5
aa830ccb0d3b482d060fe4fc1daccbf1

SHA1
afff1647975e3cd488fc45771ff81f97a47e3455

SHA256
fd16806d5e7024ddf996b9323bf85824724a081241ea0c28665d0bf8381048af

SHA512
03a4b863c80d271473d5991f8e9493eea64cd4cbfaa8eb25dbbb049cd28f7f8a72f9b7147269086ecc08c0f387a4fa3d87123d6f7c39b11871515da05add9c67

Download Submit
C:\Users\Admin\AppData\Local\Pulu\bookmark.pkg

Filesize
807KB

MD5
bfa7cf4e086bfa4d7d705c00a8804993

SHA1
bab0b20067646f0ce6667bf295e1b1e27c8c8d45

SHA256
b522c814134b6f0ccfd956b332125a7b79875a50c546339547bacc75f0e4724f

SHA512
c1f23e06071fb5d1158a0c9d671e7c72924a45c335fc01cb5037a45755700d3aa8ffd24d4534394682625da42fbecfb01e4995a2ffaeb6416340ca3412533c33

Download Submit
C:\Users\Admin\AppData\Local\Pulu\camellia.ai

Filesize
35KB

MD5
ef4cc2dc2376885bd5fe462f2e2c2306

SHA1
569c6142aad7df78e15248e1ec330aa257c822c6

SHA256
a4e58970b06198c3ba9ccea820107cbb9ffd3e6a573cb88fac2b9cf1189bfdb9

SHA512
75c3911ff3d8fe1cdf3ac658f0ba8be7c1e23ada08fbac5ec0ef7315728c74e8a470b5f96c287f3e8c93e95bb08f5c60eba4246260e83d949dd980440cadb489

Download Submit
C:\Users\Admin\AppData\Local\Pulu\steamerrorreporter.exe

Filesize
560KB

MD5
dc1681b98049f1df46dd10d7f4c26045

SHA1
4c7f5cf7c00b6139979f8aa41f46979666369224

SHA256
594f9853124e0a81deeaaecb8ec3d192169e7393778214ef6d8f6460450ef080

SHA512
c9a2086326acbab8aba801da0d8bd2aa06951ec7fd7f32a3150f9521498c0b6711552695fbf9d0de7668503630c508bcd68e1d715796ef34f9945035da3fe1ed

Download Submit
C:\Users\Admin\AppData\Local\Pulu\tier0_s.dll

Filesize
330KB

MD5
86e38e6248c90cf7b79541f5cf565cce

SHA1
a746e8e6ee1a5010e5fa34cee7a3d29a11e9d035

SHA256
021152ff66cc6a397f1f2e26575d73c19c7e065ad23e2d811340abf759d6b2e8

SHA512
2d0d3238988e41ad47f0f35c6271e7f25379d3de5b949b63f795d80fbdb02594398fa3c7830418ff8feb67c6cac2ccd7d4ec64ade9fec2a1b072718215a9a54d

Download Submit
C:\Users\Admin\AppData\Local\Pulu\vstdlib_s.dll

Filesize
530KB

MD5
bf433279dfa1820d93ef9417fceaf306

SHA1
21dfda7d0ce11dba8f786c72d0a4db1dd3a82308

SHA256
3fa60435cba38c85310eeba1032bf1d305aeea2e4cf890c17966366d63d43963

SHA512
dd1823f68a25cb9d25d125267e9ea4fb0803ec0133b5fd183cf0d832ad1dceca53a8a7d4d79b94ce0b67ef3050334373ec80c211fa1ff8888c4a724d64a1b250

Download Submit
C:\Users\Admin\AppData\Local\Temp\87ada29f

Filesize
1.0MB

MD5
0c95e7678c32bb0416c57a9fe3c817d4

SHA1
6f04a44f1ebc32f58b5bb213ad75ba82425dfc2e

SHA256
88d11ad5f943ab7a1861e8959f4190829744f9e17bc8b5276683973038a8244e

SHA512
79b9e79891439803aaedb218d9d7aac797b1a03d53e82ef3c25922944676b27bb3630833c1f1ff01345eac7cd86d39046602437065a27b386dcfe501542c830c

Download Submit
C:\Windows\Installer\e57db0e.msi

Filesize
1.2MB

MD5
6265ad87754194af5bbd40aada2930a9

SHA1
211b19af5e77f153f431ac223b9c22e8a5275ae9

SHA256
3a9369aefe2a1212ca0bfadc0925d0149caf6436d1d9934e35c976fc9194a344

SHA512
fe16f9d906996db99c55ed815fbe5c3be722c49a1a916a89c71c46a7fd2b7c40f2dadabe54a7dfe38a78a85d2115dd34c276f881c910a8cd1505090a2db3779e

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
88d951bae96fa01b97d903f949f6e44b

SHA1
a59b2b6a5f2487a3f516a760f692971213d9ce3c

SHA256
69cd8fb2df358a07c89a9f07ba1ef15d73a36acd333d19a4953e52aa914e436f

SHA512
76b10931311279834cd870413b9a3bc9d1a5b05c3317c830c334e46695baa55da1817dd647f43eabf6c0afd75fbfc081ee10679d5aa1bfab19d00dc4fc14b184

Download Submit
\??\Volume{f9c79713-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{6b9e37c8-58a7-469e-bb35-519c03ef9049}_OnDiskSnapshotProp

Filesize
6KB

MD5
706d8803cdee65cffad379e6e110fb9c

SHA1
799e51c45956c1f6ef4e9b3f30a21174a6244894

SHA256
778cf07f7c8f119ccefd72e6dcd6c03f08cc6c4e406d038b33bd6b16f6f6c5b6

SHA512
87fd763fb1bc359e404c5a3d5c018610edb703c417c3856b88e0255f22934e0ba4c0ef74fd2a635585f69be2507cffd6c7a10b4f43a0b79c194fd539b9b182dd

Download Submit
memory/2544-52-0x0000000074B20000-0x0000000074C9B000-memory.dmp

Filesize
1.5MB

Download
memory/2544-53-0x00007FF9A7830000-0x00007FF9A7A25000-memory.dmp

Filesize
2.0MB

Download
memory/2544-54-0x0000000074B20000-0x0000000074C9B000-memory.dmp

Filesize
1.5MB

Download
memory/4012-62-0x00000000003F0000-0x000000000044E000-memory.dmp

Filesize
376KB

Download
memory/4012-61-0x00000000003F0000-0x000000000044E000-memory.dmp

Filesize
376KB

Download
memory/4012-60-0x00007FF9A7830000-0x00007FF9A7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4600-57-0x00007FF9A7830000-0x00007FF9A7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4600-58-0x0000000074B20000-0x0000000074C9B000-memory.dmp

Filesize
1.5MB

Download
memory/4724-37-0x00007FF9A7830000-0x00007FF9A7A25000-memory.dmp

Filesize
2.0MB

Download
memory/4724-36-0x0000000074A90000-0x0000000074C0B000-memory.dmp

Filesize
1.5MB

Download