lumma | hxxp://telegra[.]ph/MOD-MENU-04-22

Analysis

max time kernel
324s
max time network
325s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 16:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://telegra.ph/MOD-MENU-04-22

Score

10^/10

lumma redline infostealer spyware stealer

Malware Config

Extracted

Family

redline

45.15.156.142:33597

Extracted

Family

lumma

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

Processes:

resource	yara_rule
behavioral1/memory/4928-483-0x0000000000400000-0x0000000000452000-memory.dmp	family_redline

Executes dropped EXE 2 IoCs

Processes:

Loader.exerebild mod.exe

pid process

3456 Loader.exe
1120 rebild mod.exe
Loads dropped DLL 2 IoCs

Processes:

Loader.exerebild mod.exe

pid process

3456 Loader.exe
1120 rebild mod.exe
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
3456	Loader.exe
1120	rebild mod.exe

pid	process
3456	Loader.exe
1120	rebild mod.exe

Suspicious use of SetThreadContext 2 IoCs

Processes:

Loader.exerebild mod.exe

description	pid	process	target process
PID 3456 set thread context of 3736	3456	Loader.exe	aspnet_regiis.exe
PID 1120 set thread context of 4928	1120	rebild mod.exe	MSBuild.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585379032512657"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings chrome.exe
Suspicious behavior: EnumeratesProcesses 7 IoCs

Processes:

chrome.exeMSBuild.exe

pid process

4976 chrome.exe
4976 chrome.exe
4928 MSBuild.exe
4928 MSBuild.exe
4928 MSBuild.exe
4928 MSBuild.exe
4928 MSBuild.exe
Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

7zFM.exe

pid process

1632 7zFM.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

chrome.exe

pid process

4976 chrome.exe
4976 chrome.exe
4976 chrome.exe
4976 chrome.exe
4976 chrome.exe
4976 chrome.exe
4976 chrome.exe
4976 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings	chrome.exe

pid	process
1632	7zFM.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

Processes:

chrome.exe7zFM.exe

pid	process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
1632	7zFM.exe
1632	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4976 wrote to memory of 972	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 972	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 1548	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 2788	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 2788	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe
PID 4976 wrote to memory of 3236	4976	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://telegra.ph/MOD-MENU-04-22
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8b0d7ab58,0x7ff8b0d7ab68,0x7ff8b0d7ab78
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:2
  2⤵
  PID:1548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2208 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2980 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3012 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3972 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4408 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4544 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=2388 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
  2⤵
  PID:1196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3464 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4708 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
  2⤵
  PID:3096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5468 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5036 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 --field-trial-handle=1648,i,6677896020203351566,2956987527499950447,131072 /prefetch:8
  2⤵
  PID:3692

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1668

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2044

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Loader.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1632

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\MedalLauncherLog20230923.txt
1⤵
PID:2700

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New folder\GameVersion.txt
1⤵
PID:3928

C:\Users\Admin\Desktop\New folder\Loader.exe
"C:\Users\Admin\Desktop\New folder\Loader.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:3456
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  PID:3736

C:\Users\Admin\Desktop\New folder\rebild mod.exe
"C:\Users\Admin\Desktop\New folder\rebild mod.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
PID:1120
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4928

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a251e7d8920ad0ae50087d3903f218d1

SHA1
89a40725b1fec22d61561b2286720638ac0f6625

SHA256
6045f9f01ec3f769a595569f236cec5f057170f13aa5c7f8f01df1cd687725d5

SHA512
0b3c16211e1da01608cab5853c907f5c061d22aad2f83aa990fd5e27b08cca8147c0b0f02af9c91e10b7dd8f9d658360a0d73900b0c101fd2a6758386007bc7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
bade52fceb0f5865802e9e68f6ac38ce

SHA1
66bd6c3f29818367b48bcfff8378e711aba405da

SHA256
14570d958face4a0e2e5306b884034b1a3b61ec5fae8d8fb3a0766fd75589f1c

SHA512
01719cb482aa6aa954610cfaf7bab5618ea2cfd7fb6bc3970187b2e11b5868ecb8ebbec6712c7aea33ec94760affebae0e186337c614a25a584c0deb7120ecff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
65384fa8acc2a027783235734f03667e

SHA1
fbba9022b68cecddd30c6e2c80119987fb847c76

SHA256
8857487894dca43fcbeb03fa1d5a77a20f46567495826c4fc9e4a2370078bf70

SHA512
4dd625d5634a2cd5b85b51ab10e09b1394e589777132784a61e1eaa00da46447ccc430602db3eb7feaa9fa6cefe9082332c5bb54057472bc888a88ab55e64a27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
917f4d303b726e39ee83e621df114eb2

SHA1
d56cd1d622a9a088742b2e36382c23dcb8f7ab4f

SHA256
a196a6af16d0d68d0bb0af8d2c36d292637c27437b03756c00bf8dc7e682be9a

SHA512
db1027e08a45f8a249f93998c5de30a55856497bd77f2c04e3a0e08dcccb2a0546624bd37401fb7fd41ea85c07eee0b6e8187dce43ca83e43cc0304fe20c6d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
32KB

MD5
635861d5793789731f3d9f391f2e9373

SHA1
3605964147124b8ba8f4f7b394546db095396192

SHA256
58544e1d5db23a674b8727c93895bbbb283551f478b208f58f2ed9cb84a6924e

SHA512
232d7e7492ddc1f733231e11febbc464b93495dd9b7760ca0e271619755d0eb2848780a9b380a700dffe3ed9b0d5c18cc0fc0d85ea9342242efa7c5003119a58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
5c3bdd5e6077b6761e958a19bb629853

SHA1
544980f1a3d52ccbb649d117e43d8f785e106059

SHA256
4061afe7378fce0dcf6b2e9549b0146641f2641cd782c2a0d5a14ff1203a0220

SHA512
e7a6286d1d02468e1a74350b06bf05c4280010161e99d93e4020b52feb88f7f38cabaf09a862d4a60667614df3698914fa5453dcbc672459905835daeb8319e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
c4fcd6259ad00bdb18e9b65658c5040c

SHA1
1ec22e61da12a9cababfaf5d559d5ddfe9c01158

SHA256
fca9fcafe162ff1219b1057ff74746a72c5bea480c6c52550b9ffcab17d746a3

SHA512
f038f1b19c78004d1a1c18ae2c001d5729051bf6548aaed0960f86abccd6e1a3d9f8e3d33e7157b8cfcaeea5c18bbda3fa60a45b16ba629070e99cb65e7d3bbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7023f81e4e5487f7c2730bd15a0d23d3

SHA1
58fde3e47fe0c7c6324b3b5db90bbc827d4e44b8

SHA256
675b13a03f8ca4d1fcc27c9b638992579f6faf07e6653c51bfec91ed1da11ae4

SHA512
71ba98757eacb863555910d3641097c2ba8ccddb8fd397ad344292f71dc8e5a208e0878115730811cced5ea40e40483d850c3224295a64306c99123250938e24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
855B

MD5
900e47783d41d5d3aff300168e537bad

SHA1
002409aa017e240f2271b33f9ad2917f1d057ef1

SHA256
f498a017b2c8c8e27e50626798e4d70070edec49f2b78b9de44b8f7acf82d515

SHA512
5b62a803245b02676fcadf15ce942407a79005ac5377bd8f30a53c52e5f48dd804d16260124683e313b41f58b37329a8fa3e6d314b8657ae581b2eee1e4fe2a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
16de56ee6616c6562f7a5ed26a57b0c2

SHA1
ad9573cfc5baace1db92a4077651945fb3d2dee2

SHA256
292ba13b1add3170b4c9bf38a1ff3e40ebc4e4efda3c2f7ceccd1e1d93537bbe

SHA512
d044e55d810e80e4042162ba262244e8b22f6070b69ece29385ff93ccb562f770bbd97398d254a91f9fb38822fb2900630c8a9ee0144f1b4a960784cbcafa0b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b4e0ee45cd9448ad3d6699d8454b1660

SHA1
722c226c13691e90157b415aced4fe6a04079494

SHA256
1d71417343320ba2dd3bb4a60bf9c4054859b7155a21d0818b8cecbd78ec3673

SHA512
814b44f96314a296ca89036f42a368ab1de8c697db7179f3539f3e471cd1fa7be19f47c102113698d9b7c99673cb78b1a55b4480f825d187d7f7b0d280388ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
029fe9fea16ec3c7ecfaf9087c578851

SHA1
b81015bc705a11f7e84bc8119541b96187507dbc

SHA256
5c7c127bb94d487f49307138e03026fa04de0a8789c47108813f5736e239144b

SHA512
dcad6983ea49f80cad0dce158eab2329497e1e51fb45a4637ebad0e298816345c8e322fc57c23135565ce6d0ee31f1bb5a5cd1eec24290ba389bbd53a13e51af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0e6362844a9e5d37b4f08f5ae170f813

SHA1
08ffd6fb8929d31f3ff5a02b271c33bdab2205c1

SHA256
f85e971c602309fb30be06b044c293a7387f21c158f216fb6e433112c8bf9796

SHA512
ef917a2b5d701892b339b67937df39c787ac32e5f2e052f18c0a413e991b7011c6dbbd1a3a277cebdc1f163ce46eb9588ffe31a818ca65f25e62c36d17fb43fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
441f7af7be9772a1a6e864ed27adb368

SHA1
f96b5b280bdcc946cebdeb507dd67178acd252be

SHA256
a533f19a973bdc4a7e8575ea6938e100f03ff4888f9cf52af3f8b23c311611e3

SHA512
51fd5efa97323b48796d11241e3e0dc71f3c09b1ec770fcc07bf8c4f311f520614e41925515eb7df35774e8125834784a585ac781518aff0bd515ab69de8934c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
23d38244ac93073430bb946438b4d9f5

SHA1
d1b1fff9474cf760e32cc92b8306da39eb09da7e

SHA256
e64e85c337bb125dfbba32fd744b5413d68202ed4a058c5d54eb073b6d56be8a

SHA512
ef28b881762f122ba3a71f3f9b821a44d3347bdafc1bfabff5682fe4d19793565f8f159252676a865b8d67ef7ad68f285c5bd4da51921f5208554ee8053ffe87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
813ce32bc71c65411e88358c6dd4a8d8

SHA1
3afc1e105febeb59996008d47b1f6425f689677c

SHA256
54e1670032f4eec7e166cc1bf85e2678d2569175b6f1961a89d9277d136ec399

SHA512
a25d19d0d071cb1f11751ff3f933d21227f65a41d5087efe3cc313d6c808f81e179b61059886ae98761fcd54a5e49e80ee5b3b64f815293b3c8b79d7416028cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
27ea113af52c7006b5e738ebbbc371a3

SHA1
50ca2efa69fdac4b710c8364bc7d75318e707eb0

SHA256
1f8b7ca284d2bc630d9a30ac36a4706ffb622c91156a5679b1e0c4f040c6b9a6

SHA512
6f7ca994e477068bea72ad8b2c621b81c78363783d2fdfceb43063fed79794c027695cb282952eac07becc714138f8240cbb7e970c233842223728e69132d2e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
127KB

MD5
4c31e4dc31b66a19055e615636daf036

SHA1
96c8f250ef81b8f59f7108fa765d7d6bb73a7889

SHA256
fd25e47fc03473e76691a8b4c6d323c24849d1e9a51aab9c7dd51be188d33289

SHA512
26efe59aab9961cc13be03c70f5f798b8f32644f433bd648c367f9dbaf478f5e092096261c089b1dd2e6af90c375d27b91e4a5744db38f044c2b9557783465d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
96KB

MD5
dd7509570d0ccf849b1f9d0fa19d74da

SHA1
807bb43ad088bf2822f26cbf32777c5d5902bd2d

SHA256
780a0a051f24dcbbcf24be57cb35d98e4743669e0a8ca5c10f574c45ddbe9056

SHA512
39d5aea021760246f27bd08c806950506ac6c2245d83088cb410b086c84f141e8ad0fff6ff39acfc1d80b0c1c5e7c83eb5decaf4ddb899dc57e2345303d09b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
ac730e5c34a96885fd49ef54d54ad716

SHA1
d5cded51e706a7903295c752835163a51adcbdd3

SHA256
b72d2c546d878f83170846d13200935cd1a1077baa83b9aebd011b11d544fe5d

SHA512
64212e90a2da445b3217aee855d151a48dd2ae857324ac4a4057aeb1cde85cfad354eb69047909db0028808d403d333f28a7ae82d95ec2d5b480cf83316115d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57eef4.TMP

Filesize
88KB

MD5
b6ff30eb88a05182baec27377bc7c86f

SHA1
083c7803652560a5314dd9d09d8ab0195ba1e26c

SHA256
efb03d129c4cbfebfc2ff1313bbe9b8c5348d06fd2f6544e7a022da93373662a

SHA512
367f57205e2b8e180559c623e4f0cd78ff536747f4db0f2fcbd3bacf18639ff674fcfcfd562cc72b57096c8f0d6587b02edb516a0cefc1f724c3b13b71c10670

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpD6A6.tmp

Filesize
2KB

MD5
1420d30f964eac2c85b2ccfe968eebce

SHA1
bdf9a6876578a3e38079c4f8cf5d6c79687ad750

SHA256
f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9

SHA512
6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
400KB

MD5
0e721a75ba2324cdaead568c76379b41

SHA1
64af2970519b2f8b3f6dc679dd4c385a1b212acd

SHA256
ac2354fa8dc48768ad0bf9a80727af1ca7b1e63cb9f1c509c16eaf72f26cfc31

SHA512
e375cb267bde1ec2280382af8c267c069ac467a776b3c2f1a99539be674fb895c2d7fa2bafecd8db629958150e7706037df5c57fbfe900d6a60faa5378a19384

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9.dll

Filesize
397KB

MD5
af94e6408225a528df92e39338b1d503

SHA1
20885bdf89596a0cb8d182681018ee925a667806

SHA256
b90a5b6d2f6a20b78ee9d3f456e2e876b6766325d23d8c9ff6969c20377b92b6

SHA512
c89c6a7c81cfc3db89d330fed8cf3e30290e352c6f4b9c70b342e1bd26c6f8b69ec8c627d5d2f5864381c0efe1e91d55aad778187493eafacea1fc6c42489bdc

Download Submit
C:\Users\Admin\Desktop\New folder\GameVersion.txt

Filesize
18B

MD5
75b44d7f3708448f0e08110f0905b756

SHA1
903726e852dc0a64adf01744e87588ade1f95ad1

SHA256
af353f8e54eb3536e840485531f6a9cce9bccc87b69e506bbaf390c77295fe43

SHA512
d79cc800d039720b3e354a75606794dc6cc3886b81f0df997c135bedadac740ab43ece04c62b8ae8f9d32bbc96b47c842c7c1ec6fd7e522cb7982a521dcbafdd

Download Submit
C:\Users\Admin\Desktop\New folder\Loader.exe

Filesize
2.4MB

MD5
6be043ec93e0e18bc92381c8cf8c214b

SHA1
616648f52c2a8580c51185b1ccfb12ab127d6ed3

SHA256
79bc8405f9fe98ebcf6ee04482d89a20cba531cad8276824901e4a12c4b8e7c7

SHA512
847cd3995ac6d79712948f6d272e71b50e209a15ce5c86fba0630b708fb14b499876d9591ba2f1d56676779f181edf68620ed1eeb2e27febe88d09459c77bc2b

Download Submit
C:\Users\Admin\Desktop\New folder\MedalLauncherLog20230923.txt

Filesize
446B

MD5
dc19504bc1d07bdc4ec7535689fdb7da

SHA1
ff5010b75d3ec19563cf784b7a890470db54791a

SHA256
8bf5794466af9a8c82fc9dcc00e7a755d53a32e9bd40b770a88ac40fc3e6640e

SHA512
9d2e90a937bb35d2af92d5b374a5103906caf45496eceb48ed25b080a452100eb5c96082a1bb9231734b053dba04a4f109c0bf06829a5e31b66d44118a865587

Download Submit
C:\Users\Admin\Desktop\New folder\rebild mod.exe

Filesize
2.4MB

MD5
3152fd3a4014b83c869af5e5622fddea

SHA1
2bfc60371c6a28fcdf32e3d0d98660172a243385

SHA256
33897b7cce587186d25f2536611ebb42bbcf6e7a5edaba75ad8ea465ee29aa9c

SHA512
b23a966081bb80be9f784726e81105fe1e954aa39b851e49619d634b014339285445585ffa06d4263f889c5769bbb6f1bea5ef59c891801a6783dbc63f64a7fd

Download Submit
C:\Users\Admin\Downloads\Loader.rar

Filesize
3.0MB

MD5
4df47749c890cb4a3316e8461ed37d21

SHA1
3f79a6e57688bd3f506c441372217079d9f14a4f

SHA256
ec721ebd408d20753388405fe6f2ef62f95493700d95a46e38798b889aa85bc4

SHA512
6724ffa84b8424ba9647c86f0a7c77cb9adf6191c25d64baffe5e737e75a6877ea483ad72e6610f6e5049b88233291b5dea4ef2dc57eb4cdf4046781a735dae3

Download Submit
\??\pipe\crashpad_4976_MFNJVTKETVZNXHXY

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1120-485-0x0000000074950000-0x0000000075100000-memory.dmp

Filesize
7.7MB

Download
memory/1120-474-0x00000000007A0000-0x0000000000B3A000-memory.dmp

Filesize
3.6MB

Download
memory/1120-475-0x0000000074950000-0x0000000075100000-memory.dmp

Filesize
7.7MB

Download
memory/3456-459-0x0000000074950000-0x0000000075100000-memory.dmp

Filesize
7.7MB

Download
memory/3456-460-0x00000000028D0000-0x00000000028D1000-memory.dmp

Filesize
4KB

Download
memory/3456-470-0x0000000074950000-0x0000000075100000-memory.dmp

Filesize
7.7MB

Download
memory/3456-458-0x0000000000140000-0x00000000004D4000-memory.dmp

Filesize
3.6MB

Download
memory/3736-469-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3736-466-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/3736-471-0x0000000000400000-0x000000000044F000-memory.dmp

Filesize
316KB

Download
memory/4928-508-0x0000000006630000-0x000000000664E000-memory.dmp

Filesize
120KB

Download
memory/4928-513-0x0000000006700000-0x0000000006712000-memory.dmp

Filesize
72KB

Download
memory/4928-489-0x0000000005410000-0x0000000005420000-memory.dmp

Filesize
64KB

Download
memory/4928-490-0x0000000005230000-0x000000000523A000-memory.dmp

Filesize
40KB

Download
memory/4928-487-0x0000000005800000-0x0000000005DA4000-memory.dmp

Filesize
5.6MB

Download
memory/4928-507-0x0000000005F70000-0x0000000005FE6000-memory.dmp

Filesize
472KB

Download
memory/4928-486-0x0000000074950000-0x0000000075100000-memory.dmp

Filesize
7.7MB

Download
memory/4928-511-0x0000000006C70000-0x0000000007288000-memory.dmp

Filesize
6.1MB

Download
memory/4928-512-0x00000000067C0000-0x00000000068CA000-memory.dmp

Filesize
1.0MB

Download
memory/4928-488-0x0000000005250000-0x00000000052E2000-memory.dmp

Filesize
584KB

Download
memory/4928-514-0x0000000006760000-0x000000000679C000-memory.dmp

Filesize
240KB

Download
memory/4928-515-0x00000000068D0000-0x000000000691C000-memory.dmp

Filesize
304KB

Download
memory/4928-516-0x0000000006A10000-0x0000000006A76000-memory.dmp

Filesize
408KB

Download
memory/4928-519-0x0000000006C10000-0x0000000006C60000-memory.dmp

Filesize
320KB

Download
memory/4928-521-0x0000000007860000-0x0000000007A22000-memory.dmp

Filesize
1.8MB

Download
memory/4928-522-0x0000000007F60000-0x000000000848C000-memory.dmp

Filesize
5.2MB

Download
memory/4928-483-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/4928-525-0x0000000074950000-0x0000000075100000-memory.dmp

Filesize
7.7MB

Download