lumma | 0be6bc2d9b159620e3043218265fbb11b2b302d23ca5bb9cf0e6d8577582d607

Analysis

max time kernel
91s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
23-01-2025 15:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

appFile.exe
Size

843.2MB
MD5

d8adeff8cbaa54d6e812c7678a42e2cc
SHA1

7dba52751f7162254b06ee0b39d83b906e3d194c
SHA256

85215291ac6eba0e637b92c6676147fc0e62615f5c3492e5a41076efd7efef17
SHA512

f86927cf19dc62d338d59b2999a77b44f65f27beef8da95c4cb953e125260df82b7e7e01ef43c8ec5a81518396eda167bbd28747199c1bf00fb38794897e18bd
SSDEEP

786432:3OZ1sUMG3o+jg2AFRiN5ShM1snlKtnzkKcKW:3mSCYCKiN4hM1snlKtnzkv

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

https://suggestyuoz.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	appFile.exe

Executes dropped EXE 1 IoCs

pid	Process
2876	Terrorists.com

Enumerates processes with tasklist 1 TTPs 2 IoCs

discovery

Process Discovery

T1057

pid	Process
3964	tasklist.exe
5064	tasklist.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File opened for modification	C:\Windows\CorpsMartha	appFile.exe
File opened for modification	C:\Windows\AnytimeSustained	appFile.exe
File opened for modification	C:\Windows\VintagePatches	appFile.exe
File opened for modification	C:\Windows\ConsistFreely	appFile.exe
File opened for modification	C:\Windows\ExistingExclusive	appFile.exe
File opened for modification	C:\Windows\RatherNotes	appFile.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Terrorists.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	appFile.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	findstr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	tasklist.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	extrac32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	choice.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2876	Terrorists.com
2876	Terrorists.com
2876	Terrorists.com
2876	Terrorists.com
2876	Terrorists.com
2876	Terrorists.com

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3964	tasklist.exe
Token: SeDebugPrivilege	5064	tasklist.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
2876	Terrorists.com
2876	Terrorists.com
2876	Terrorists.com

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2876	Terrorists.com
2876	Terrorists.com
2876	Terrorists.com

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 3192 wrote to memory of 3384	3192	appFile.exe	82
PID 3192 wrote to memory of 3384	3192	appFile.exe	82
PID 3192 wrote to memory of 3384	3192	appFile.exe	82
PID 3384 wrote to memory of 3964	3384	cmd.exe	84
PID 3384 wrote to memory of 3964	3384	cmd.exe	84
PID 3384 wrote to memory of 3964	3384	cmd.exe	84
PID 3384 wrote to memory of 1692	3384	cmd.exe	85
PID 3384 wrote to memory of 1692	3384	cmd.exe	85
PID 3384 wrote to memory of 1692	3384	cmd.exe	85
PID 3384 wrote to memory of 5064	3384	cmd.exe	88
PID 3384 wrote to memory of 5064	3384	cmd.exe	88
PID 3384 wrote to memory of 5064	3384	cmd.exe	88
PID 3384 wrote to memory of 4364	3384	cmd.exe	89
PID 3384 wrote to memory of 4364	3384	cmd.exe	89
PID 3384 wrote to memory of 4364	3384	cmd.exe	89
PID 3384 wrote to memory of 4344	3384	cmd.exe	90
PID 3384 wrote to memory of 4344	3384	cmd.exe	90
PID 3384 wrote to memory of 4344	3384	cmd.exe	90
PID 3384 wrote to memory of 4284	3384	cmd.exe	91
PID 3384 wrote to memory of 4284	3384	cmd.exe	91
PID 3384 wrote to memory of 4284	3384	cmd.exe	91
PID 3384 wrote to memory of 2452	3384	cmd.exe	92
PID 3384 wrote to memory of 2452	3384	cmd.exe	92
PID 3384 wrote to memory of 2452	3384	cmd.exe	92
PID 3384 wrote to memory of 908	3384	cmd.exe	93
PID 3384 wrote to memory of 908	3384	cmd.exe	93
PID 3384 wrote to memory of 908	3384	cmd.exe	93
PID 3384 wrote to memory of 4188	3384	cmd.exe	94
PID 3384 wrote to memory of 4188	3384	cmd.exe	94
PID 3384 wrote to memory of 4188	3384	cmd.exe	94
PID 3384 wrote to memory of 2876	3384	cmd.exe	95
PID 3384 wrote to memory of 2876	3384	cmd.exe	95
PID 3384 wrote to memory of 2876	3384	cmd.exe	95
PID 3384 wrote to memory of 2988	3384	cmd.exe	96
PID 3384 wrote to memory of 2988	3384	cmd.exe	96
PID 3384 wrote to memory of 2988	3384	cmd.exe	96

C:\Users\Admin\AppData\Local\Temp\appFile.exe
"C:\Users\Admin\AppData\Local\Temp\appFile.exe"
1⤵
- Checks computer location settings
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3192
- C:\Windows\SysWOW64\cmd.exe
  "C:\Windows\System32\cmd.exe" /c copy Solving Solving.cmd & Solving.cmd
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:3384
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:3964
- - C:\Windows\SysWOW64\findstr.exe
    findstr /I "opssvc wrsa"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1692
- - C:\Windows\SysWOW64\tasklist.exe
    tasklist
    3⤵
    - Enumerates processes with tasklist
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:5064
- - C:\Windows\SysWOW64\findstr.exe
    findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4364
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c md 185600
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4344
- - C:\Windows\SysWOW64\extrac32.exe
    extrac32 /Y /E Paradise
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4284
- - C:\Windows\SysWOW64\findstr.exe
    findstr /V "AUTOMATICALLY" Request
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2452
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b 185600\Terrorists.com + Login + Messaging + Accordingly + Definitions + Suggests + Prediction + Platform + Adaptation + Captured + Acting 185600\Terrorists.com
    3⤵
    - System Location Discovery: System Language Discovery
    PID:908
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c copy /b ..\Seq + ..\Estimates + ..\Recorder + ..\Copy + ..\Holidays + ..\Happened + ..\Hudson B
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4188
- - C:\Users\Admin\AppData\Local\Temp\185600\Terrorists.com
    Terrorists.com B
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:2876
- - C:\Windows\SysWOW64\choice.exe
    choice /d y /t 5
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2988

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\185600\B

Filesize
473KB

MD5
4f27a061168935a707bbd2ccd57cf4ee

SHA1
772b71d3735fb938cb6139fc9a8b522c3454d2ae

SHA256
03074da591a24d4d370a3552a6b05ce4675d8b40e85ad70e35be8d95a530ecb6

SHA512
9353f5dadb8fb1f8ef7da6391198a1a1e869469fdb41b66068254e7dd76f7c53b9897c03a782319421bed863b1a7c55ed90a73d2cd5d0e2af5161f50c2003620

Download Submit
C:\Users\Admin\AppData\Local\Temp\185600\Terrorists.com

Filesize
1KB

MD5
5c6a2fddff1cf35bb4f5368224477bb8

SHA1
496fa10c2251a7208f8ffcbf831b7142ee5524c4

SHA256
6d012bc1f8a8056cb0b75530347f5cd1ace7befe02dfdb5833ceb27902d48b78

SHA512
23941e51dc942d0f089a4ca0f23444fbf0eed8c6bfe27249b5ddab1983dfc55ee6fa834b86337204103403551076547f6a8f4fbad9065bd9d81d4c72d66e6a75

Download Submit
C:\Users\Admin\AppData\Local\Temp\185600\Terrorists.com

Filesize
925KB

MD5
62d09f076e6e0240548c2f837536a46a

SHA1
26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

SHA256
1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

SHA512
32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Accordingly

Filesize
104KB

MD5
109a9f4263da11b2ff55682e76033cb7

SHA1
42be8d88d01a711a367ab1a528ab6fc53703bf00

SHA256
62a7546ddc0836e7e198b54a97361a484080ba8f2086403a261bbb439a76b1a1

SHA512
ece6d38bb51a1d0f936a8988845603524fb562caba36a75b98a12df0385d4ff490da2f258d7a685ff8eb979bccd3f08f93d5f33db3ddb66347b63e57a8471ad8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Acting

Filesize
40KB

MD5
c63a5811b93f58a2c2dd4a73949ce494

SHA1
fcb37588f9cd50be52cb3d1347a9fb6b2640b8fb

SHA256
be679e98667573f110db4d47f3dc7b380cf99d349942de8a495d487b8472fbca

SHA512
60bcf59113aa2668342326b723f13f4d681b5c05889e6e95d8428dd6a1dfa1793f0b8e9d045a063ba265511823c603377d7476e8bd3e7446cb656037dc3521a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Adaptation

Filesize
89KB

MD5
131ce80e801906a6805003f2b4dcbdf1

SHA1
342e36f5771427a1a3f6b326f7eaecf2e55c708f

SHA256
59202fc75f7a9a53712499af4cc52791feb581697ee497203f1a31c695e27fee

SHA512
9d6fedc078d7c8ba9d758b2efb427a4684b724e8e0103e23976635cb3051bc18b8f4bf8e2d2d630bcf8c9fcac7c3e67de616a2bf7091d5ec17d633631184a043

Download Submit
C:\Users\Admin\AppData\Local\Temp\Captured

Filesize
52KB

MD5
d81ebedfde5e7d9a1490f5fe35131563

SHA1
7d85bcff445aa7eedbfab8753bfce3ed3d3d6be7

SHA256
25955a30c7074aec738a908c84c7a3d9a5895aba432933728263630ce2e67d91

SHA512
24f6098857cbd519db03d5c9c46dffddaf3f32a4980739f29154f4be01470b050a6f4a11b1103b290e7c800d4e1911d010a6b4e556b13b8d5b40ed30959f0395

Download Submit
C:\Users\Admin\AppData\Local\Temp\Copy

Filesize
89KB

MD5
01ad8af3b0a1a9df373514666143150e

SHA1
a245f87621d1356d7535443f12b12d6056dd0cdb

SHA256
cca78b3b7d0912235c53703814a8b952f47d90df6d276515a7d06055ecf779db

SHA512
98167e3049bae6e07bbc6048800f265d099e8362ca39ec963e3a06db9ec88ddb2e0928439bd156d48c0877e854692bd6afe5405cdd8c4258a6fc08eda896c5ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Definitions

Filesize
112KB

MD5
9f0c3714c07e47b203c6e6dfa84ff191

SHA1
25f375e77b8f616b16a5595cc67326e7e25361d4

SHA256
d95eec12135cd080fad7f95dc329d312d453607fde2e432016a3742e103ec5b6

SHA512
c6e6ae9f8ecd60d3a64bd9d6d0b29f31a86cceed10db14a835abd031b3dbe136775894f9b16c2b57afd234a32222b3136b165592811387a351d3d43ed5d4b2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Estimates

Filesize
63KB

MD5
68bb2f727045ef1c9bb502b86e7a462e

SHA1
1de7e5e42edd4b09ffea4515389d5d1cd877cac3

SHA256
b50b7655c0b00ea6fc1743a159ace95fad45b9102a40995a625fa9a67748642a

SHA512
17f3eea49fa83653c1e443ec59d1a04de222ea86f9669089dfe9881fb80ca2933483417baf21bd84f9e172c72408b55ffa7aa9436a2f25fd9616967dd3774209

Download Submit
C:\Users\Admin\AppData\Local\Temp\Happened

Filesize
51KB

MD5
108d0d7caecefc21b4728519c3d4be9a

SHA1
c411644fc2147ff6d2b7b612622a8378d003101b

SHA256
e006a8a7ff54f2d57420858a437ab70e3a0672e04801280117f902bdd440c372

SHA512
c4ecb86e89a294f2357d1f178602a90d0f745a37bdd14aa1b06832c7c1def42d6e7b16773eaf04f97b94456dbadf16eff802ff050c73b722fe97f98462261c14

Download Submit
C:\Users\Admin\AppData\Local\Temp\Holidays

Filesize
89KB

MD5
3ad564f7316a726d28e75dcb5524b52d

SHA1
a833e6706f7f28f77417e94c52a1f53f4c36045d

SHA256
d0237b265edf936374d42a7b5b2352c799f0fa9d3607e0d4c810ff0fa5378521

SHA512
6734153a2a74788cdbcd359df668b30089dc227883731bd4424df0723f3c9b9611905c0d05aa5695260ae6d08bf4266e7b415094c2180acfb7152c4f801fbb0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Hudson

Filesize
3KB

MD5
e94e5e803469f5275c4b5d2bdccae109

SHA1
624d067e9ee853741b1e2f1aa5103ba369fae174

SHA256
cf4b30be1c14b8906567f32ef8a98a3480da6e1d03739e02b6cd9f25ade1d089

SHA512
01d1cf75cd367036e96a750fb153022f50321dd579787575bc4b2767eaccdd4a1ab66205c5436a2f534deed7441bac53a81533356d1af1583050cf7d6f179254

Download Submit
C:\Users\Admin\AppData\Local\Temp\Login

Filesize
74KB

MD5
7435dbcddb5b634e3d3d0c5c02d90be2

SHA1
2838fc9179fdb5f4822ef137272c47723128c7f3

SHA256
e7df246ed5b35bf761dda8efec575c97af0f8bbfc2ab77ec75fd7ece009951cc

SHA512
04228dfeabbc2ae0493fac89c38221c47246f366209869500eda4185f9497b6dae1c05a7079352ae6e584c20d3c5acd37751df73e4e6caa16232d2ae852b7314

Download Submit
C:\Users\Admin\AppData\Local\Temp\Messaging

Filesize
118KB

MD5
8c07491d5fcd423da02c895657469ddb

SHA1
07a1096df1ffd971aa540d2a500c07ce875f9bb4

SHA256
8a19986c22cf7ed9efb32f90e72007a0967fdc8fc91b0e2dc9786dfd1dbcb96a

SHA512
1dd3c59aeefbfbce28ebd82f04097e147813ee2bd11a8dc54fd0b7c4e4571eda02566814bb785bcb99ba34bea53eba79f860b45e9779038724b7be0e1d1b9a5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Paradise

Filesize
477KB

MD5
580baf8ddb9d2cfdb361283c93208db7

SHA1
f238e1e8f29b49040b8e97eca1867ac99b1ce8ca

SHA256
93b0314f4b566be79b6044973801ff18e67f807d133f5fab6554ca467be4d255

SHA512
8502f3e3500a7074c04741cdc8f305a1483f9da4d094934939c6675c374681727a0eebc65fb2721cc403344d239ec65d0bbbfdb1d0f9dfe21bd2b16a342d5ff6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Platform

Filesize
99KB

MD5
bf82d2e3efb326550687f28ae2827cd4

SHA1
e41bb9f644e654cbd08de6baea85065e78081133

SHA256
9444a18508a84ff2f92182da785869c4f700b261a06f7caaf8c30e04eddf1102

SHA512
83f26bb5deb0416df61e9e0d42ee9296b76c6d8b5d1aee82931e90b72ec38cc791d64e9c2b4aefcb9b6cb1d75cc7fdcdaf4e432ce605a08eaf1c4147bfe0100d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Prediction

Filesize
102KB

MD5
f4f92c617028caa6353b9ac3b763afb3

SHA1
185abd45922a557ebcf526395b91b9c337bea423

SHA256
f4aea045999d4e7467c028d09632209622cf1a403c48f4736283263fb50f9379

SHA512
8ca4688e110e0707e1e9b81d1ccf65e4ea9485297cf57b19fc19a8e0927fc944bb3bb153c57486ee73a9ca98813632dcefcabaabda591dc2aaba6b1edee6e44c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Recorder

Filesize
91KB

MD5
130340bb02fbf91decca4ce765d299cc

SHA1
12e070ceec8076846d7c6084ce0d9ff13b51802b

SHA256
d362cf699ed9a69bef804a5fd4f6a8ad25bc37a8e9dba7a02db7fff3bb6fdce5

SHA512
0f231c612c7a30b02bb368381abc7f19f81de924b6228f21cd8e85e3acab5d267228e3810adfecbc0a0ee895b35ecbdc923eddfc0a080dce1ce94abe06bbd97f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Request

Filesize
1KB

MD5
7ae337a57064ddf8ca6fc21b0b8843f6

SHA1
b368b2c43229d04d249e4a5bfc64ac43ebffee61

SHA256
921474ad0e1d078ca96c9d2986933eed9b1dc8db0c0e6414aa94764cf7402df2

SHA512
53dc42449755e9dba0769c21a222edc23c207abb6e58667e259e13fbde0179da3bdbea7f43d621e0502d4a6499abd63fd8f2ccfd72e0e939d00fdaaef3903daf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Seq

Filesize
87KB

MD5
03ddc853d352b69d0f39c876d75261b9

SHA1
80f8659122166d2610558c9e547661e78c7c4a11

SHA256
369da401cbb16a9c4303953334abac3efb335789f5607767b49ace71af6bb305

SHA512
6dfff5ba63068137d2f491c31c6a60b36f114b3de5c2fa0de157a12e1419d28fc395d9bb482b363a9b92aab4ccd25296fe143f02314a28058be61b46b75ce352

Download Submit
C:\Users\Admin\AppData\Local\Temp\Solving

Filesize
10KB

MD5
19181f3ee0c8719a4c92a9c5e2e5131a

SHA1
9dc5c5bf15a6aafb7f189970c65686f21578e652

SHA256
9ba5305ee280e0a49b6da98133e807c6ced225e90cfa8a0cb89343350a3c7718

SHA512
6d6c96ea5e6ce5f3e6d297bcacbb7603abb7a34d67579bc8ced94c844d123b6eef937d3f77f3c9ca400483172ed2b34586eab96e8e77d347aac682787a00a623

Download Submit
C:\Users\Admin\AppData\Local\Temp\Suggests

Filesize
133KB

MD5
22cbe397adc3394ee9fb4ed137a6e437

SHA1
b07cc32e4a0f9454738b2363f358e6d00d5b4148

SHA256
cd250b5aaf700d3d8e9da7575f63f26f753064405bd3698d036c774db2a948d0

SHA512
21b6f95503f9d5a25feed3d5b735b58ef3db9db0b0629348dd0e409e93eeb84c82274ffa47bba45660e1ffabfeca05fb173936c947d1b5c5c82eb4dabe7fb711

Download Submit
memory/2876-313-0x0000000000080000-0x00000000000DA000-memory.dmp

Filesize
360KB

Download
memory/2876-315-0x0000000000080000-0x00000000000DA000-memory.dmp

Filesize
360KB

Download
memory/2876-316-0x0000000000080000-0x00000000000DA000-memory.dmp

Filesize
360KB

Download
memory/2876-317-0x0000000000080000-0x00000000000DA000-memory.dmp

Filesize
360KB

Download
memory/2876-314-0x0000000000080000-0x00000000000DA000-memory.dmp

Filesize
360KB

Download