lumma | hxxps://drive[.]google[.]com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?usp=drive_link

Analysis

max time kernel
142s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
29-07-2024 19:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?usp=drive_link

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://kaminiasbbefow.shop/api

https://horizonvxjis.shop/api

https://effectivedoxzj.shop/api

https://parntorpkxzlp.shop/api

https://stimultaionsppzv.shop/api

https://grassytaisol.shop/api

https://broccoltisop.shop/api

https://shellfyyousdjz.shop/api

https://bravedreacisopm.shop/api

Extracted

Family

lumma

https://horizonvxjis.shop/api

https://effectivedoxzj.shop/api

https://parntorpkxzlp.shop/api

https://stimultaionsppzv.shop/api

https://grassytaisol.shop/api

https://broccoltisop.shop/api

https://shellfyyousdjz.shop/api

https://bravedreacisopm.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma

Executes dropped EXE 8 IoCs

pid	Process
4720	Main.exe
2780	Main.exe
4928	Main.exe
4752	Main.exe
868	Main.exe
1000	Main.exe
1992	Main.exe
4768	Main.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
10	drive.google.com

Network Share Discovery 1 TTPs
Attempt to gather information on host network.
discovery

Network Share Discovery
T1135

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Suspicious use of SetThreadContext 8 IoCs

description	pid	Process	procid_target
PID 4720 set thread context of 4560	4720	Main.exe	120
PID 2780 set thread context of 3616	2780	Main.exe	127
PID 4928 set thread context of 4820	4928	Main.exe	129
PID 4752 set thread context of 2832	4752	Main.exe	130
PID 868 set thread context of 2704	868	Main.exe	134
PID 1000 set thread context of 4936	1000	Main.exe	141
PID 1992 set thread context of 4952	1992	Main.exe	143
PID 4768 set thread context of 3980	4768	Main.exe	145

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Main.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Main.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Main.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Main.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Main.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Main.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Main.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Main.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133667550231187576"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1705699165-553239100-4129523827-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3300	chrome.exe
3300	chrome.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
4920	chrome.exe
4920	chrome.exe
868	taskmgr.exe
868	taskmgr.exe
4920	chrome.exe
4920	chrome.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
868	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe
Token: SeShutdownPrivilege	3300	chrome.exe
Token: SeCreatePagefilePrivilege	3300	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
2988	7zG.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
3300	chrome.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe
868	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3300 wrote to memory of 2940	3300	chrome.exe	84
PID 3300 wrote to memory of 2940	3300	chrome.exe	84
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 3792	3300	chrome.exe	85
PID 3300 wrote to memory of 4660	3300	chrome.exe	86
PID 3300 wrote to memory of 4660	3300	chrome.exe	86
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87
PID 3300 wrote to memory of 1152	3300	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1D8OJJsMf-yxG5IUu6O4zl9cp3zNh3c6e/view?usp=drive_link
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.106 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ffb97a5cc40,0x7ffb97a5cc4c,0x7ffb97a5cc58
  2⤵
  PID:2940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1884,i,6710370582776561117,1045070270870374792,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=1844 /prefetch:2
  2⤵
  PID:3792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2088,i,6710370582776561117,1045070270870374792,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2172,i,6710370582776561117,1045070270870374792,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=2224 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3100,i,6710370582776561117,1045070270870374792,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3120 /prefetch:1
  2⤵
  PID:740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,6710370582776561117,1045070270870374792,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4428,i,6710370582776561117,1045070270870374792,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4324,i,6710370582776561117,1045070270870374792,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4760 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,6710370582776561117,1045070270870374792,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=4864 /prefetch:8
  2⤵
  PID:3284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5008,i,6710370582776561117,1045070270870374792,262144 --variations-seed-version=20240708-180128.343000 --mojo-platform-channel-handle=724 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:4920

C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe"
1⤵
PID:1988

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4828

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3432

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Main (1)\" -spe -an -ai#7zMap6152:78:7zEvent3758
1⤵
- Suspicious use of FindShellTrayWindow
PID:2988

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Main (1)\Main\Instruction.txt
1⤵
PID:1492

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Main (1)\Main\proxy.txt
1⤵
PID:3432

C:\Users\Admin\Downloads\Main (1)\Main\Main.exe
"C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4720
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:2248
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4560

C:\Users\Admin\Downloads\Main (1)\Main\Main.exe
"C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2780
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3616

C:\Users\Admin\Downloads\Main (1)\Main\Main.exe
"C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4928
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:672
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4820

C:\Users\Admin\Downloads\Main (1)\Main\Main.exe
"C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4752
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2832

C:\Users\Admin\Downloads\Main (1)\Main\Main.exe
"C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:868
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2704

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Main (1)\Main\Instruction.txt
1⤵
PID:4048

C:\Users\Admin\Downloads\Main (1)\Main\Main.exe
"C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1000
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4936

C:\Users\Admin\Downloads\Main (1)\Main\Main.exe
"C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1992
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4952

C:\Users\Admin\Downloads\Main (1)\Main\Main.exe
"C:\Users\Admin\Downloads\Main (1)\Main\Main.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4768
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3980

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:868

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Network Share Discovery

T1135

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4cce6921c2f5b7501d6db4baaecd32b2

SHA1
58785e68634314e0c84d9e26d7cf86a5b6c032a5

SHA256
df6419f6a732633345da077920829169c2f21d2394862eaac4ea6e841a6cc6b6

SHA512
b1177f56e2975547c5c201339d0670453de3b90b022e28b2c4e2358e597dc80afbe4cedd6e9388480a3f1337787386833574fdf4168e29418eea9ce356861611

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
e6657e042d6279e262eb18cacd46396e

SHA1
6057b6bdbbd95883cd30643b1ccddb2040d4b9a0

SHA256
42c4c6dc2c1838d81959f941f869d57a9f3580e916f48c708df66a325180fb88

SHA512
acf84b089d54bd53052bbc240852398ecd293466e7ed70189e7f370cd6d16266111a136486e159e884cf5753b4d74ee3c17ea707a89c20de52cf213afaff25f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
17d3928b5f9f9d03ee1519f2559edf35

SHA1
f3515e4cf44b1e5e3db7f4dfcc6d89dfa58cd8a4

SHA256
ae0fb0718ce568748f93f636ded30a8f01f6c2bcc18e40c1480b908cf8544200

SHA512
74ab0b1649894f21718425205d68a47483b7a74b3ed01785632701517d58882a0cca63ad5ec1443fc291e8be1e9a930df7fb50e003efbc0a102453095729695e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
56e8fecdecc6e41e92eb16fb637789b2

SHA1
9236911426088ea16aed492b5cf577d1e40449b8

SHA256
5625ffd1a36b99f354a3775787f6a8957e11d4d82789493a75f534fbc9e8e7ec

SHA512
c1a133b96f8aff676dc0d344daf731ea3a30a50f4d37ce3945847449f0e48e101164fca732959bb93566fd6212eba23bdb895f179bc645a1c0c74d5b42d67059

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a2b144422beb63d5372ffc35632823ef

SHA1
4c7fe27e86b4decb14cda3e7f51ed48fe5b7bda0

SHA256
14a420df5a21e04e22434fb1c59ef036f781adefead54fe2bef97363851069a8

SHA512
c1c70e8c66ccab6e334d2cfb815fe519d5337fcf5546f0fa56fa9405ccc9c54e5337703bb7ee241114a2ca51db907503d756eebcafe610fbfb023d7f2b9430e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
94bb20da213021a4283bdedf1c43d508

SHA1
ebaa8fd29eebe8d8ad9e7a897cfe68a409c4aa79

SHA256
477d646024423a1aa234dcbd76e495b7847488ace78ca7457eab6902b4eb70bf

SHA512
a15f90a582d3166b1d3eedd495cb1c3561dbdc107e119f14881cdc09c9ff6a1acd063e8a3ffbb449eb270143a295156e66ac0163eee087a2eea2497aeeb94bb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f8af9f21fdebc2e3746b5904d660210

SHA1
30574b919262248726a1ce6f08505cd35202096f

SHA256
eb136d92a5d147245544dc5ff83e65dad3c6ddd5493ba26bb60a59ad9e074567

SHA512
0de3619e2a0f6de5b0c24918bcb8bc47a493ab47bb59852ce52eff65b92aebcba615a11878adf828f4fb386fd6699ea6b9cabe5eab38a0f3dd71a040235cda36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e958a3ba101719b95f300809afaa833b

SHA1
b02e89ed9ab28fd8e1227ee627bf0acb30abd335

SHA256
3b7e8d6fe8bd7c9e70d2c2823b0e26bf1d4842bc4febe6a25ac95408eb6f0cd7

SHA512
dc4af8d63c82b6dd9aaec651d3a7e70659fe4ea19b22f840b752fed5674ccd01041a5656a7883047a5f78d23f7a1459efbcb3077b419b54822aa6c244b056c27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cf1aee543d1783e4942eff0693f1bfa5

SHA1
216294f6839c50b1207097b48376080d980fb26e

SHA256
915f26e6ceddc0b2b07bb24767d65eb8d882d11e72be080e487de65ec4d14a30

SHA512
3acdde03daa8dabd72a855d6a612b3dac379dd191c8f76c6951b901891dd79cd223ec19f94592f86b86a4e6e478a8f77a993b1c302573eac9f8bcec5faa70321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
989a254ce06b7d02544a3f1683d177a6

SHA1
2c8c042b1f1c6873808adb47570d35f50a2f1fe2

SHA256
8d06e08fe3c172bdf49066805aea4b53be9f3d693e86d464d5c81182cbe32620

SHA512
4695e67934b32c802f577597492b84cada2d68873c13f0b64810677f3cce343173ddeec9912b98d636d84bc4f6b55160072f9a2052a354153848b10fdee3fc16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e19231ea1082bfd7e3a2d8a3f51dcad4

SHA1
31c6d8384fb65d71cd59a50918165f5852b2e0c0

SHA256
11d9a440b436d60118145939133798b830b36f8712494de35baa666d7890e57a

SHA512
1b97f15ed0bffa65292c7e7ed9cb792f4dd6aa7c322072c1e6df350246c4e5cde28c7e20b953e6abb6991068e5babd73eb8a848cec9adc72b4c846e62e69ea51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8262ad78dc35d365457c44a8e5dc8856

SHA1
dc2807a54a1066ecb905d0a9e6db5f3357e58127

SHA256
43ed1fc0bdc1170ca4291cff1a19ac29724c9e0f301bbeed0d95ca4a34013ee7

SHA512
c43fb50e68c10ff54768dc03439c47faf381be4b52f199ad47cf55cf1ea3e72bda705da65f97e0d18680f7b6fd6a8d3f554ae31921d60e1dd8b1b56d036229d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7bcd3182ab3ba48dee45fe37f77fc062

SHA1
c01f5bf6cc3245a97835f7c6f90f931ac37c02e5

SHA256
990797812492a2b696d1380ecbc87614fdac3f595c26c38f9f2a803741cc16cb

SHA512
e032c5714eee28212cb5861a78afdc7f2680d3d38c1f61e25895fee33498371d11edd52a20776d5f9564b201a4501926f9243f01949ae3bdc557cd33c00133c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
034889f29e26b15d77182ca9491f4bd6

SHA1
bb31120afe5b4a23bb4a3ba2e8d7a121cf1a11b1

SHA256
80738f00c919bbce131213d38407c53831b51248ba826522233d6f45abe253c6

SHA512
028f07158f0d7f24805b728919e663423c03c3c268417a1d267d9288227a2f5ca331e309390519317d25b5a5f96a76cc9a8d461f52272f298cb85b8a9522827a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
a60439695c7d49a32a6549f27e7380b5

SHA1
5368eebb956e6a88d18097c8101d4952249edc6d

SHA256
05b2c4b88f52ec2e6cb118f15d8e83329ea968b898d5354891d38afc72d59a87

SHA512
9814547178beb54e7fe8c48f67a7055c0269a1eedf2ee144b8182376c83d1fd81caee7830cab90687b27067d24407c339b41e31bf8cd79a5a48251427b7bec1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
8f216985ec74f5a5a8d4b17f9d30be70

SHA1
428423d0c902adbc83c37dcdc3548eb37487a229

SHA256
8f2cec8a59cacc6882aa4b27df51608cc8253e28ae80eb07b28fe4214706e6e5

SHA512
d5b14523e540c692fb5295e4a8fc615e4dc340d02f2d4040949a040b32cab6c8de1ef4591b8020d6bb9cb43829c3087c362357eb072e1e43d52be7f3535de482

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
92KB

MD5
276ffa35295c9523fea5473498c6a6b7

SHA1
4e0154b0e0cd7e3b78e6d853f8cde6068b15b088

SHA256
b9b23e2247a3460678d60b44736a2ed21d92944748b8c101ce492c1932a43ad7

SHA512
a1fe5a23f97de1a5fc58f263b2ae1c7d3d14b243b7b24957c862560881f34c71ce634380e6eb8b11e332aa95426ac9c9361e510065a66e528a451f3756cd87ab

Download Submit
C:\Users\Admin\Downloads\Main (1).zip.crdownload

Filesize
419KB

MD5
11e40cd744c1b342988a44c3632b360d

SHA1
6377ebcf8b46eb0bef07321c4ebebb29f1b13565

SHA256
f00c12f1feff9ffc6822df557ddfdcef9202e9262169cd3073a64560159efcc6

SHA512
59ad5d806273828c7e5aca95d3fe9181128c8f92e7da561f663718002a4067e5ce061b18a3993ef7931fcb0289d1361c9000cb4175d600f138de4d6ebda05392

Download Submit
C:\Users\Admin\Downloads\Main (1)\Main\Instruction.txt

Filesize
154B

MD5
8e19bd05b12065a4c547a6e919eb4e42

SHA1
c2381ebebb3fefcd4c3625b6dcad86557e692234

SHA256
5c03dcdda71119fa5bfad076bec87320295c3ae601151382c44a894bdaf0d21f

SHA512
61b874eacd350a9feb571058d4096a42ffae6b141dab5391c77898b60c3d035807221735467af56ccb957394b7f87499df7f41c6f46cd7c5a368fc90d412782f

Download Submit
C:\Users\Admin\Downloads\Main (1)\Main\Main.exe

Filesize
521KB

MD5
98455c0df4aae673a4715d71afad2c5f

SHA1
da48917d453ca73fbaeea46e7e857af0b9402112

SHA256
c16f0c5883cf636187f80467435851e2f966e47d9797e6a7b0be44d61018f5bc

SHA512
11bd87ea1606f7592f09b07aea73485624a4590f209e64514643680bc2775f0d1a5ff1bb1d492476d654c27994ee38c083f83322d27dc69fdd7d1082468830b4

Download Submit
memory/868-211-0x00000187C55F0000-0x00000187C55F1000-memory.dmp

Filesize
4KB

Download
memory/868-200-0x00000187C55F0000-0x00000187C55F1000-memory.dmp

Filesize
4KB

Download
memory/868-201-0x00000187C55F0000-0x00000187C55F1000-memory.dmp

Filesize
4KB

Download
memory/868-210-0x00000187C55F0000-0x00000187C55F1000-memory.dmp

Filesize
4KB

Download
memory/868-209-0x00000187C55F0000-0x00000187C55F1000-memory.dmp

Filesize
4KB

Download
memory/868-208-0x00000187C55F0000-0x00000187C55F1000-memory.dmp

Filesize
4KB

Download
memory/868-207-0x00000187C55F0000-0x00000187C55F1000-memory.dmp

Filesize
4KB

Download
memory/868-206-0x00000187C55F0000-0x00000187C55F1000-memory.dmp

Filesize
4KB

Download
memory/868-205-0x00000187C55F0000-0x00000187C55F1000-memory.dmp

Filesize
4KB

Download
memory/868-199-0x00000187C55F0000-0x00000187C55F1000-memory.dmp

Filesize
4KB

Download
memory/4560-168-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/4560-167-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download