lumma | 3a9369aefe2a1212ca0bfadc0925d0149caf6436d1d9934e35c976fc9194a344

Analysis

max time kernel
94s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-01-2025 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Browser_128_344_166.msi
Size

1.2MB
MD5

6265ad87754194af5bbd40aada2930a9
SHA1

211b19af5e77f153f431ac223b9c22e8a5275ae9
SHA256

3a9369aefe2a1212ca0bfadc0925d0149caf6436d1d9934e35c976fc9194a344
SHA512

fe16f9d906996db99c55ed815fbe5c3be722c49a1a916a89c71c46a7fd2b7c40f2dadabe54a7dfe38a78a85d2115dd34c276f881c910a8cd1505090a2db3779e
SSDEEP

24576:y/QsaepAxRKUMbZHkw92S1SBcKLmv47n4pQixafg9WPo7:BsTpAxrYMpmK41Mfg9N

Score

10^/10

lumma discovery persistence privilege_escalation stealer

Malware Config

Extracted

Family

lumma

https://handlequarte.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 536 set thread context of 4640	536	steamerrorreporter.exe	98

Drops file in Windows directory 8 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\e57c90d.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{1B0AFDE1-E780-4315-9F34-1F0901483490}	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIC999.tmp	msiexec.exe
File created	C:\Windows\Installer\e57c90f.msi	msiexec.exe
File created	C:\Windows\Installer\e57c90d.msi	msiexec.exe

Executes dropped EXE 2 IoCs

pid	Process
3660	steamerrorreporter.exe
536	steamerrorreporter.exe

Loads dropped DLL 4 IoCs

pid	Process
3660	steamerrorreporter.exe
3660	steamerrorreporter.exe
536	steamerrorreporter.exe
536	steamerrorreporter.exe

Event Triggered Execution: Installer Packages 2 TTPs 1 IoCs

persistence privilege_escalation

Installer Packages

T1546.016

Msiexec

T1218.007

pid	Process
4648	msiexec.exe

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	steamerrorreporter.exe

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000e6cf55ff94a5976e0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000e6cf55ff0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900e6cf55ff000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1de6cf55ff000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000e6cf55ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Suspicious behavior: EnumeratesProcesses 7 IoCs

pid	Process
2584	msiexec.exe
2584	msiexec.exe
3660	steamerrorreporter.exe
536	steamerrorreporter.exe
536	steamerrorreporter.exe
4640	cmd.exe
4640	cmd.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
536	steamerrorreporter.exe
4640	cmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4648	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4648	msiexec.exe
Token: SeSecurityPrivilege	2584	msiexec.exe
Token: SeCreateTokenPrivilege	4648	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	4648	msiexec.exe
Token: SeLockMemoryPrivilege	4648	msiexec.exe
Token: SeIncreaseQuotaPrivilege	4648	msiexec.exe
Token: SeMachineAccountPrivilege	4648	msiexec.exe
Token: SeTcbPrivilege	4648	msiexec.exe
Token: SeSecurityPrivilege	4648	msiexec.exe
Token: SeTakeOwnershipPrivilege	4648	msiexec.exe
Token: SeLoadDriverPrivilege	4648	msiexec.exe
Token: SeSystemProfilePrivilege	4648	msiexec.exe
Token: SeSystemtimePrivilege	4648	msiexec.exe
Token: SeProfSingleProcessPrivilege	4648	msiexec.exe
Token: SeIncBasePriorityPrivilege	4648	msiexec.exe
Token: SeCreatePagefilePrivilege	4648	msiexec.exe
Token: SeCreatePermanentPrivilege	4648	msiexec.exe
Token: SeBackupPrivilege	4648	msiexec.exe
Token: SeRestorePrivilege	4648	msiexec.exe
Token: SeShutdownPrivilege	4648	msiexec.exe
Token: SeDebugPrivilege	4648	msiexec.exe
Token: SeAuditPrivilege	4648	msiexec.exe
Token: SeSystemEnvironmentPrivilege	4648	msiexec.exe
Token: SeChangeNotifyPrivilege	4648	msiexec.exe
Token: SeRemoteShutdownPrivilege	4648	msiexec.exe
Token: SeUndockPrivilege	4648	msiexec.exe
Token: SeSyncAgentPrivilege	4648	msiexec.exe
Token: SeEnableDelegationPrivilege	4648	msiexec.exe
Token: SeManageVolumePrivilege	4648	msiexec.exe
Token: SeImpersonatePrivilege	4648	msiexec.exe
Token: SeCreateGlobalPrivilege	4648	msiexec.exe
Token: SeBackupPrivilege	1712	vssvc.exe
Token: SeRestorePrivilege	1712	vssvc.exe
Token: SeAuditPrivilege	1712	vssvc.exe
Token: SeBackupPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe
Token: SeTakeOwnershipPrivilege	2584	msiexec.exe
Token: SeRestorePrivilege	2584	msiexec.exe

Suspicious use of FindShellTrayWindow 2 IoCs

pid	Process
4648	msiexec.exe
4648	msiexec.exe

Suspicious use of WriteProcessMemory 16 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 2852	2584	msiexec.exe	91
PID 2584 wrote to memory of 2852	2584	msiexec.exe	91
PID 2584 wrote to memory of 3660	2584	msiexec.exe	95
PID 2584 wrote to memory of 3660	2584	msiexec.exe	95
PID 2584 wrote to memory of 3660	2584	msiexec.exe	95
PID 3660 wrote to memory of 536	3660	steamerrorreporter.exe	97
PID 3660 wrote to memory of 536	3660	steamerrorreporter.exe	97
PID 3660 wrote to memory of 536	3660	steamerrorreporter.exe	97
PID 536 wrote to memory of 4640	536	steamerrorreporter.exe	98
PID 536 wrote to memory of 4640	536	steamerrorreporter.exe	98
PID 536 wrote to memory of 4640	536	steamerrorreporter.exe	98
PID 536 wrote to memory of 4640	536	steamerrorreporter.exe	98
PID 4640 wrote to memory of 452	4640	cmd.exe	109
PID 4640 wrote to memory of 452	4640	cmd.exe	109
PID 4640 wrote to memory of 452	4640	cmd.exe	109
PID 4640 wrote to memory of 452	4640	cmd.exe	109

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\msiexec.exe
msiexec.exe /I C:\Users\Admin\AppData\Local\Temp\Browser_128_344_166.msi
1⤵
- Enumerates connected drives
- Event Triggered Execution: Installer Packages
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4648

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:2852
- C:\Users\Admin\AppData\Local\Pulu\steamerrorreporter.exe
  "C:\Users\Admin\AppData\Local\Pulu\steamerrorreporter.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:3660
- - C:\Users\Admin\AppData\Roaming\protectwriter\steamerrorreporter.exe
    C:\Users\Admin\AppData\Roaming\protectwriter\steamerrorreporter.exe
    3⤵
    - Suspicious use of SetThreadContext
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: MapViewOfSection
    - Suspicious use of WriteProcessMemory
    PID:536
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\cmd.exe
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: MapViewOfSection
      Suspicious use of WriteProcessMemory
      PID:4640
    - - C:\Windows\SysWOW64\explorer.exe
        
        C:\Windows\SysWOW64\explorer.exe
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:452

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:1712

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Installer Packages

T1546.016

Privilege Escalation

Event Triggered Execution

T1546

Installer Packages

T1546.016

Defense Evasion

System Binary Proxy Execution

T1218

Msiexec

T1218.007

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e57c90e.rbs

Filesize
8KB

MD5
5d73b167d8634ee46c720b04a8a93654

SHA1
c414061254fb824be65aed2738afa868c2418342

SHA256
ccc3972cb731c3d514a1d020914af8e00bc74ab387aac32a07c462b23a44c071

SHA512
e13b8775e17e6347087c1e7d94f8adaac4aa1b67f201fab675ae89c8f649ed01bd538d0f6465fc8d4198aadb122482eefa71ba81657e91cc8972a1760e3463e6

Download Submit
C:\Users\Admin\AppData\Local\Pulu\bookmark.pkg

Filesize
807KB

MD5
bfa7cf4e086bfa4d7d705c00a8804993

SHA1
bab0b20067646f0ce6667bf295e1b1e27c8c8d45

SHA256
b522c814134b6f0ccfd956b332125a7b79875a50c546339547bacc75f0e4724f

SHA512
c1f23e06071fb5d1158a0c9d671e7c72924a45c335fc01cb5037a45755700d3aa8ffd24d4534394682625da42fbecfb01e4995a2ffaeb6416340ca3412533c33

Download Submit
C:\Users\Admin\AppData\Local\Pulu\camellia.ai

Filesize
35KB

MD5
ef4cc2dc2376885bd5fe462f2e2c2306

SHA1
569c6142aad7df78e15248e1ec330aa257c822c6

SHA256
a4e58970b06198c3ba9ccea820107cbb9ffd3e6a573cb88fac2b9cf1189bfdb9

SHA512
75c3911ff3d8fe1cdf3ac658f0ba8be7c1e23ada08fbac5ec0ef7315728c74e8a470b5f96c287f3e8c93e95bb08f5c60eba4246260e83d949dd980440cadb489

Download Submit
C:\Users\Admin\AppData\Local\Pulu\steamerrorreporter.exe

Filesize
560KB

MD5
dc1681b98049f1df46dd10d7f4c26045

SHA1
4c7f5cf7c00b6139979f8aa41f46979666369224

SHA256
594f9853124e0a81deeaaecb8ec3d192169e7393778214ef6d8f6460450ef080

SHA512
c9a2086326acbab8aba801da0d8bd2aa06951ec7fd7f32a3150f9521498c0b6711552695fbf9d0de7668503630c508bcd68e1d715796ef34f9945035da3fe1ed

Download Submit
C:\Users\Admin\AppData\Local\Pulu\tier0_s.dll

Filesize
330KB

MD5
86e38e6248c90cf7b79541f5cf565cce

SHA1
a746e8e6ee1a5010e5fa34cee7a3d29a11e9d035

SHA256
021152ff66cc6a397f1f2e26575d73c19c7e065ad23e2d811340abf759d6b2e8

SHA512
2d0d3238988e41ad47f0f35c6271e7f25379d3de5b949b63f795d80fbdb02594398fa3c7830418ff8feb67c6cac2ccd7d4ec64ade9fec2a1b072718215a9a54d

Download Submit
C:\Users\Admin\AppData\Local\Pulu\vstdlib_s.dll

Filesize
530KB

MD5
bf433279dfa1820d93ef9417fceaf306

SHA1
21dfda7d0ce11dba8f786c72d0a4db1dd3a82308

SHA256
3fa60435cba38c85310eeba1032bf1d305aeea2e4cf890c17966366d63d43963

SHA512
dd1823f68a25cb9d25d125267e9ea4fb0803ec0133b5fd183cf0d832ad1dceca53a8a7d4d79b94ce0b67ef3050334373ec80c211fa1ff8888c4a724d64a1b250

Download Submit
C:\Users\Admin\AppData\Local\Temp\6e6dbc1c

Filesize
1.0MB

MD5
6df855093af0e4212d7480da3518eeee

SHA1
8dff27165b65569c18f5d1a806abf824a5a7e774

SHA256
0839952e2b78b879c5635fb368038c34a566e9287f29a51b1c2c29734974db2d

SHA512
31e70f3a3e0ee76d90a7a09b59bae5709f5077461963f4ac6f4de1c86eb49db8d17547a9e82eb0d5af585c5b7e867aad3bc11c294d9f3edc060fb5bc0705f49c

Download Submit
C:\Windows\Installer\e57c90d.msi

Filesize
1.2MB

MD5
6265ad87754194af5bbd40aada2930a9

SHA1
211b19af5e77f153f431ac223b9c22e8a5275ae9

SHA256
3a9369aefe2a1212ca0bfadc0925d0149caf6436d1d9934e35c976fc9194a344

SHA512
fe16f9d906996db99c55ed815fbe5c3be722c49a1a916a89c71c46a7fd2b7c40f2dadabe54a7dfe38a78a85d2115dd34c276f881c910a8cd1505090a2db3779e

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
24.1MB

MD5
3d9d28bad9e6bb9d26c282900c441c2a

SHA1
8e9b14f04be66efc48686514cb6990b4572ee5f2

SHA256
2b15f7108d023da06384abd94edd915c5a8fa3047420da14818bdcb69e5e00fa

SHA512
dead866d09201de572bea50ff04214eeab7e143981b2dc78bff4ce7b19dc385bd0d53d2bace4dfb31c20172b5ccd2b801a07a030cc3f82793f86d3068f6e3071

Download Submit
\??\Volume{ff55cfe6-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{2a6b2fb7-b864-4571-81cf-73b42064cba5}_OnDiskSnapshotProp

Filesize
6KB

MD5
bbc9fceae77fad17667adf04e63cf359

SHA1
baf586649483529c0cee06a25155905a3efa6cf1

SHA256
8709808a7883a0454be06c05277878ceb18dd969fe73e5ea9c39f1602b018562

SHA512
bb8d8a4ffa86c07571666ed0ecb0a6967b74b95a3209723a6d81f3467923de2bab527095d09bcedadafa18ee61f4365205577fc9c02625d69a90686e3d14b4e8

Download Submit
memory/452-60-0x00007FF927810000-0x00007FF927A05000-memory.dmp

Filesize
2.0MB

Download
memory/452-61-0x0000000000FA0000-0x0000000000FFE000-memory.dmp

Filesize
376KB

Download
memory/452-62-0x0000000000FA0000-0x0000000000FFE000-memory.dmp

Filesize
376KB

Download
memory/536-52-0x0000000074630000-0x00000000747AB000-memory.dmp

Filesize
1.5MB

Download
memory/536-53-0x00007FF927810000-0x00007FF927A05000-memory.dmp

Filesize
2.0MB

Download
memory/536-54-0x0000000074630000-0x00000000747AB000-memory.dmp

Filesize
1.5MB

Download
memory/3660-35-0x00007FF927810000-0x00007FF927A05000-memory.dmp

Filesize
2.0MB

Download
memory/3660-34-0x0000000074630000-0x00000000747AB000-memory.dmp

Filesize
1.5MB

Download
memory/4640-57-0x00007FF927810000-0x00007FF927A05000-memory.dmp

Filesize
2.0MB

Download
memory/4640-58-0x0000000074630000-0x00000000747AB000-memory.dmp

Filesize
1.5MB

Download