lumma | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqbjBnLVhnMlBZaEl5OXZKazI5TFdTY1hnaVpId3xBQ3Jtc0ttbFlocUF2c1Judi1hQU14RXdOQkROUnlfSW8tTGZON3VnUjNnTS13YTkxalNSS3RtSTU4bWFrTzZ3LWZfc2l3bkdwN2htajV6MTJBUXlERm9FSlZQbjZNQnJ2YXltRUI2UlRMTXRyN2xKX05Rd2ZETQ&q=https%3A%2F%2Fwww[.]mediafire[.]com%2Ffolder%2Fcw22ddzcgxqqx%2FPASS-1234&v=38pzwUM31LA

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbjBnLVhnMlBZaEl5OXZKazI5TFdTY1hnaVpId3xBQ3Jtc0ttbFlocUF2c1Judi1hQU14RXdOQkROUnlfSW8tTGZON3VnUjNnTS13YTkxalNSS3RtSTU4bWFrTzZ3LWZfc2l3bkdwN2htajV6MTJBUXlERm9FSlZQbjZNQnJ2YXltRUI2UlRMTXRyN2xKX05Rd2ZETQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fcw22ddzcgxqqx%2FPASS-1234&v=38pzwUM31LA

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

C2

https://partyyeisdo.shop/api

https://potentioallykeos.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 2 IoCs

description	pid	Process	procid_target
PID 5284 set thread context of 3232	5284	PASS-1234.exe	152
PID 5492 set thread context of 5660	5492	PASS-1234.exe	154

Program crash 3 IoCs

pid	pid_target	Process	procid_target
4472	3232	WerFault.exe	152
2424	5660	WerFault.exe	154
5912	3232	WerFault.exe	152

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PASS-1234.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RegAsm.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PASS-1234.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3500	NOTEPAD.EXE

Suspicious use of WriteProcessMemory 24 IoCs

description	pid	Process	procid_target
PID 5284 wrote to memory of 5248	5284	PASS-1234.exe	151
PID 5284 wrote to memory of 5248	5284	PASS-1234.exe	151
PID 5284 wrote to memory of 5248	5284	PASS-1234.exe	151
PID 5284 wrote to memory of 3232	5284	PASS-1234.exe	152
PID 5284 wrote to memory of 3232	5284	PASS-1234.exe	152
PID 5284 wrote to memory of 3232	5284	PASS-1234.exe	152
PID 5284 wrote to memory of 3232	5284	PASS-1234.exe	152
PID 5284 wrote to memory of 3232	5284	PASS-1234.exe	152
PID 5284 wrote to memory of 3232	5284	PASS-1234.exe	152
PID 5284 wrote to memory of 3232	5284	PASS-1234.exe	152
PID 5284 wrote to memory of 3232	5284	PASS-1234.exe	152
PID 5284 wrote to memory of 3232	5284	PASS-1234.exe	152
PID 5492 wrote to memory of 5472	5492	PASS-1234.exe	153
PID 5492 wrote to memory of 5472	5492	PASS-1234.exe	153
PID 5492 wrote to memory of 5472	5492	PASS-1234.exe	153
PID 5492 wrote to memory of 5660	5492	PASS-1234.exe	154
PID 5492 wrote to memory of 5660	5492	PASS-1234.exe	154
PID 5492 wrote to memory of 5660	5492	PASS-1234.exe	154
PID 5492 wrote to memory of 5660	5492	PASS-1234.exe	154
PID 5492 wrote to memory of 5660	5492	PASS-1234.exe	154
PID 5492 wrote to memory of 5660	5492	PASS-1234.exe	154
PID 5492 wrote to memory of 5660	5492	PASS-1234.exe	154
PID 5492 wrote to memory of 5660	5492	PASS-1234.exe	154
PID 5492 wrote to memory of 5660	5492	PASS-1234.exe	154

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqbjBnLVhnMlBZaEl5OXZKazI5TFdTY1hnaVpId3xBQ3Jtc0ttbFlocUF2c1Judi1hQU14RXdOQkROUnlfSW8tTGZON3VnUjNnTS13YTkxalNSS3RtSTU4bWFrTzZ3LWZfc2l3bkdwN2htajV6MTJBUXlERm9FSlZQbjZNQnJ2YXltRUI2UlRMTXRyN2xKX05Rd2ZETQ&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fcw22ddzcgxqqx%2FPASS-1234&v=38pzwUM31LA
1⤵
PID:208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=3852,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=2828 /prefetch:1
1⤵
PID:3652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3812,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=756 /prefetch:1
1⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5440,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5464 /prefetch:8
1⤵
PID:4168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5448,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5472 /prefetch:8
1⤵
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5832,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5932 /prefetch:8
1⤵
PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=5940,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6020 /prefetch:1
1⤵
PID:4824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6356,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5168 /prefetch:1
1⤵
PID:2252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=5424,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6412 /prefetch:1
1⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=3816,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6328 /prefetch:1
1⤵
PID:4356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6508,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6476 /prefetch:1
1⤵
PID:660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6432,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6660 /prefetch:1
1⤵
PID:1388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=6768,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6008 /prefetch:1
1⤵
PID:4016

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6892,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:1
1⤵
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=7088,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6948 /prefetch:1
1⤵
PID:2580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=6344,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6224 /prefetch:1
1⤵
PID:4444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=6500,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7360 /prefetch:1
1⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=6520,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7516 /prefetch:8
1⤵
PID:4768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=7524,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7560 /prefetch:1
1⤵
PID:3588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=7852,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7984 /prefetch:1
1⤵
PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=7332,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7692 /prefetch:1
1⤵
PID:5544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7532,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7648 /prefetch:8
1⤵
PID:5696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=6092,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7516 /prefetch:8
1⤵
PID:5948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=6488,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7328 /prefetch:8
1⤵
PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=5624,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:8
1⤵
PID:2496

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=8040,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7476 /prefetch:8
1⤵
PID:5660

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=8040,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7476 /prefetch:8
1⤵
PID:5672

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=8048,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7848 /prefetch:1
1⤵
PID:6048

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3060

C:\Users\Admin\Downloads\4.1_Setup.1\PASS-1234.exe
"C:\Users\Admin\Downloads\4.1_Setup.1\PASS-1234.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5284
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:5248
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3232
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 1136
    3⤵
    - Program crash
    PID:4472
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3232 -s 1260
    3⤵
    - Program crash
    PID:5912

C:\Users\Admin\Downloads\4.1_Setup.1\PASS-1234.exe
"C:\Users\Admin\Downloads\4.1_Setup.1\PASS-1234.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5492
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:5472
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5660
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 5660 -s 872
    3⤵
    - Program crash
    PID:2424

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3232 -ip 3232
1⤵
PID:3584

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 484 -p 5660 -ip 5660
1⤵
PID:5136

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 3232 -ip 3232
1⤵
PID:5124

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\4.1_Setup.1\PASS1234.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:3500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\PASS-1234.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
memory/3232-2-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/3232-6-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/5284-0-0x0000000000420000-0x000000000046A000-memory.dmp

Filesize
296KB

Download

Analysis

Sharing