lumma | hxxps://github[.]com/Many3RRORS/SKRIPT-GG

Analysis

max time kernel
219s
max time network
207s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
25-11-2024 21:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Many3RRORS/SKRIPT-GG

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://covvercilverow.shop/api

https://surroundeocw.shop/api

https://abortinoiwiam.shop/api

https://pumpkinkwquo.shop/api

https://priooozekw.shop/api

https://deallyharvenw.shop/api

https://defenddsouneuw.shop/api

https://racedsuitreow.shop/api

https://roaddrermncomplai.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
2956	SkriptGG.exe
1188	SkriptGG.exe
4928	SkriptGG.exe
4616	SkriptGG.exe
1796	SkriptGG.exe
3116	SkriptGG.exe
2704	SkriptGG.exe
1792	SkriptGG.exe

Loads dropped DLL 8 IoCs

pid	Process
2956	SkriptGG.exe
1188	SkriptGG.exe
4928	SkriptGG.exe
4616	SkriptGG.exe
1796	SkriptGG.exe
3116	SkriptGG.exe
2704	SkriptGG.exe
1792	SkriptGG.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
58	raw.githubusercontent.com
59	raw.githubusercontent.com

Suspicious use of SetThreadContext 8 IoCs

description	pid	Process	procid_target
PID 2956 set thread context of 1964	2956	SkriptGG.exe	109
PID 1188 set thread context of 4036	1188	SkriptGG.exe	112
PID 4928 set thread context of 3524	4928	SkriptGG.exe	115
PID 4616 set thread context of 4324	4616	SkriptGG.exe	118
PID 1796 set thread context of 4780	1796	SkriptGG.exe	121
PID 3116 set thread context of 4416	3116	SkriptGG.exe	124
PID 2704 set thread context of 4916	2704	SkriptGG.exe	127
PID 1792 set thread context of 5056	1792	SkriptGG.exe	130

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkriptGG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkriptGG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkriptGG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkriptGG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkriptGG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkriptGG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkriptGG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	SkriptGG.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133770432700429239"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
2540	chrome.exe
2540	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe
2600	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2540	chrome.exe
2540	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe
Token: SeShutdownPrivilege	2540	chrome.exe
Token: SeCreatePagefilePrivilege	2540	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe
2540	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2540 wrote to memory of 3580	2540	chrome.exe	82
PID 2540 wrote to memory of 3580	2540	chrome.exe	82
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 516	2540	chrome.exe	83
PID 2540 wrote to memory of 3468	2540	chrome.exe	84
PID 2540 wrote to memory of 3468	2540	chrome.exe	84
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85
PID 2540 wrote to memory of 1896	2540	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Many3RRORS/SKRIPT-GG
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc02b3cc40,0x7ffc02b3cc4c,0x7ffc02b3cc58
  2⤵
  PID:3580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2060,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2156 /prefetch:3
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2228 /prefetch:8
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3188 /prefetch:1
  2⤵
  PID:732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4592,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4600 /prefetch:8
  2⤵
  PID:4324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4984,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5020 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5156,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5152 /prefetch:8
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4836,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:8
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5504,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5404,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1044 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5532,i,3604490089848456209,2478306146844654274,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2600

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:740

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4788

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4256

C:\Users\Admin\Downloads\SkriptGG.exe
"C:\Users\Admin\Downloads\SkriptGG.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2956
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1964

C:\Users\Admin\Downloads\SkriptGG.exe
"C:\Users\Admin\Downloads\SkriptGG.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1188
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4036

C:\Users\Admin\Downloads\SkriptGG.exe
"C:\Users\Admin\Downloads\SkriptGG.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4928
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3524

C:\Users\Admin\Downloads\SkriptGG.exe
"C:\Users\Admin\Downloads\SkriptGG.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4616
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4324

C:\Users\Admin\Downloads\SkriptGG.exe
"C:\Users\Admin\Downloads\SkriptGG.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1796
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4780

C:\Users\Admin\Downloads\SkriptGG.exe
"C:\Users\Admin\Downloads\SkriptGG.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3116
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4416

C:\Users\Admin\Downloads\SkriptGG.exe
"C:\Users\Admin\Downloads\SkriptGG.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2704
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4916

C:\Users\Admin\Downloads\SkriptGG.exe
"C:\Users\Admin\Downloads\SkriptGG.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:1792
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5056

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
006b8c4675d0a3768df30c48f9f01027

SHA1
f86d8507f07507cf51138a797a4473d6157c8c9a

SHA256
329932d5ef93bb67b68c761ebaa592679766df8d984d3302be734507f375303a

SHA512
5a4ba32eadd68d9ddc86780f70339bc100aa33436f4e2cfc52bb45accd17ba5c21938e3125ac6b41de07527d8e5f15d9e12b4d620f06fd9d65efcab9e0cd51bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
44KB

MD5
a2ad7cc05d8e3fbd97bde6cb3b2ac923

SHA1
f7c49f70bb70df7a6312d3f5a8b86c9e443ceaa8

SHA256
1b33e2221b6a37ae759697ec65e810d9a8eda3689fdb1e914f35e1011374f169

SHA512
bbba9d6a92e9838181c963920318174f50f7c4ef73e4dc2fd096e594b38e1b1a0072b61361c00d42ee9347e77925869113924eaeb1e463b945a62d66b7a875c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
113KB

MD5
96a85a453b2e7b2d14734ddae895a6b4

SHA1
4295e13bd744cc3ae9bf5b65443a12d9b0e288ac

SHA256
a24e4fafee3bc0f59450b2d8fd05bc4c8413ed03d703efa9c2822b7a6190db9d

SHA512
82cdb917763ca0bf013536491c2a4a90187584054181b02e8ff8f1531b3eea73eafb83db55e9791bac666f04268a3829c58f2ecac04c1b6dd57d260a7b8f185e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
595KB

MD5
662f0d3f8d418fc44336fd3ed68b9683

SHA1
726a32f84a839b6aaea73a5debb8e51d689e2b7b

SHA256
b7079c7c6792fa2285244f78142137eeb5a9c20c08ee43e00ad5d988a99a6ea4

SHA512
0c1b81a7cb3eb04884f9717255c4ef349f58a30c3fbd2b86b9ad80a31251e8890a7b0c5f8c8067e406d7f849e4b00775918890f52d85849df3af7c857c3bedac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b1705389b560761f16db8cad93de266f

SHA1
2498f12b3c48c386f2b55ec76185b1fb278be0ff

SHA256
11d8a318898e440d7b954df1cb8a688a8e47b246de1f0f417914829800b72fc8

SHA512
a04f0298b131d77aa3e3424bbb611d1545cedbebe970e511bbec2b6b8512b00cb0f1dbf7b59719b0472b8db0e4565a44188e58a3f870329e18eaea31e743c75a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
987da7833730bded216b4baf6a73788e

SHA1
bce9ca711bdf9f36784b0f6298b906d57ab2becb

SHA256
86207c8dab8976a023eaec401ffb7e2068a0f642ff84f4ad4249cf4997a30531

SHA512
72a12da6c9b05bdaf6461354d15e13a284b454f5e811c89fbb5bb663bf56c1fe0a576455ffd608592b5b776661a67bbe6e24d146cf4863ace4ea8b9596af95ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
15a39551c82d02d9024cb616434c5f4f

SHA1
3d9f228978ad86840c29bd49024b013ad6af2ebd

SHA256
13d2a19d082a8e14c19e7083e48238bbe8b1509c56c84ad6eeba449c01cf51aa

SHA512
bb7eb1957bc21a945e7226d936dcd5db88b07ccb536a0607568485ba90c5adc476c0bcc18dae022727ea358c69d27daaa3e5520e65fdc8f7070ac43e0e76942d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
5f4b23c5303a39ac76001182b943978a

SHA1
c96cd8d9e58867d76735c5935781a043b2d4fab7

SHA256
7c468b944e22fee36e5752a1dc4537f51d7ea9973a4362be7bf6cefef98982b3

SHA512
e1328bc36db0ed124aac974ac141a7473b4be7a182e9d1a1c0ca67a716aa06a955894ee930dff9c6c56a7d9e3c07fb142d719c22338ea946c31ec32d04602b4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3cdd36cbfd3b59341661605c65ac5d43

SHA1
e4441dcb9a2aeafec522f05530bf14fb26b8ca43

SHA256
0b0fcb135cc4905d05c0c3e2b4a17673f5c48a3fe3585a3d469c5ddc0527108f

SHA512
5fdffa30fe4e0ee1bc85235f8466deeca5349caeea8989612ce4ece43169728049cf6e72d1a016a1b97bc78bf797acc6b4936e7893574b9b9e62a9b1bec17ca3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
12cb2d6837f0843df033e62039fa658e

SHA1
10b6a9c15b8aa7a724ad8a3de9bfb15ab71efd30

SHA256
8cc0cc14aeca770ba431dbfac425fb1a86e2862b830f064069322f5c2f4f68ea

SHA512
ce25bb61ff30239d247dbf1b2f8d24dbf9cfa966a0090cd6786015743bd78ff7d18093c7e6f267d4518e67c3cea211a173cde27a717c61eccdf20cbb61205c5f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
da8a8478078251d837491e4dca531240

SHA1
7be7ca8560fd3b4e9b33534f5e0c72f65c27dca7

SHA256
5ff5e14b23c9e8c862726340d1d527651eb4ff5f16cc5db1269cece144b0dd1e

SHA512
9fb6a46f857b4424f3cbbf76f8f5fc407e9009929ef18898f6de2abfbc1b405177c7e2c745775087e75de1cf3308b140e2b11e3b9d50e3033cdc66c590a429a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2307866c2bedf09551d443aa96dc0f17

SHA1
baa62faf5ac6bf88d42e8bcc94dd4b898c9c9a65

SHA256
1933bf266c8064dfd8af82ad1a266a6a1784e98e1cc1a5916976cc42786d6410

SHA512
bfe6cd91fa0b054ba3b7da460472f3190f40e725283623ff687cc764f246c5a5a7dea27505e0f3a78260ab72126a4b7c3a10e0bd78ade5c5b9a0908b94520f6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3e45cdba721e41a878a028939dee81d7

SHA1
4e5748a72b94733551161359f35b3539af2a9091

SHA256
54680f2fd45b77217c7fa97b3d6db2633ff8a27d2e6c66c4968db72e725c707b

SHA512
80e696c814db559bdabb7509f5382a63550312cb7b82a2fe435219920cf03ca0299d58f7996a463d08d994b0718041e84e8682c14ae0dcf83b3e50b2b56a63a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
19acb901ab78835b80d52e20051949a7

SHA1
10d78dc05740c00ced84362e0cbf8874685d82bd

SHA256
fe21aee25b91577df9b145cae6124e54c165bc16cb0a1626ec7fd37338478b90

SHA512
2f87629064f62086762fdc2dace435dda1746d2a7d905b6f6b375d1ec563eee45bb216a2b8bd14adb75673e97254e6b63992d71a12b89a9ab3a79a0ffb6170f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a2b6a62dc151dc2073013af491dc53e

SHA1
92ac0e0671bb8329c6d7a42b9eafdbe8490d7df1

SHA256
d44225677963f33b8ad77cb8a1aef38bb518bfe0cfd1d4e4b20a0cfc7f9ca62d

SHA512
2d2fdba19e570a420fdce3f7547a502b4e7c47ffaf55fe09dddc21f436aa8d8946c84769579b2722ebd0b027f72295e95299d329ff5bb1cb3a5a74ce47bca1f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3e7bba3f5260ff31760d52026a9e22ac

SHA1
a411bdf4c43d132ed0edc40240ed822f6d284c13

SHA256
07e5d8941ab2042fa4be80e28bed6cbdf108c42b37cb12c315f6c01180ba11d9

SHA512
f716c86a956cbbba20af0d1e1a1a24e1c1a722de8c6f6f33e6d79d4ed0299c95abfecc7bba673be7b92817869e59ff6e31d7e25ef369f291c590f53d293d81ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e51cebbed8d80e8493d475594e0165d7

SHA1
a9d3305731db018707958a1423d975eeb8e57ea3

SHA256
da7f718e00347382b3555fdbf6ba7e09296e74829c669e66216f415ecb6464e3

SHA512
ac8ab0e949d7720446c2cff46e7a5613b586b4c59efef1f2fcb39f9458ac27004dc7afa65b6010f57891060e45f899024bc66ffd69c2616349e5973f76ce185c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c4fefa6294bcd262bb350bf3f9b51c17

SHA1
741bfd3d492d2e0d349216ab3254b2fca845cb10

SHA256
ed4f2f72d9166383e3ff27c768532ad50563e8ac400075df6a2307a549ab3807

SHA512
8846a91b565b19b506336db8c3ba5c22b1d20beec6d3c05e4700d4ce513054c011febaf6bed37a05c993e1b9ad8032ad1010535e93ecd3014ada2c8bfec266f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
61d13f37e83aa52408305c3beeadb73b

SHA1
646ea91839144ea1e45dd8fd6a9823a43685b856

SHA256
f9b57cb7de92886d28996a9384a34330f5ae0ef97f4f7e7ee6d83a837ff251b9

SHA512
853dc7eb23d467c7e9cd980c815eb27431fc32b1bb6d63265803b85b97b6db89bbbc8d34ef8de32bb2c9b5bbd63be0498170be21c2ab051e0590ef83e8744eb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
605a5c4936d356c1342e93611cd270b8

SHA1
afae443f70964dd49295233708f555e725d8eada

SHA256
6b116dbc3ea06a009529b395eba824735b730126a289410bdb0104158ec5704a

SHA512
09820b5ee80d4c46c2b9ca9ab27043c17a48d9aed70090c6d1f08b2fec26f9ef293d205fd590696e5c9ad04811e373b5384c4a131d95d7c3806b11f8f279811a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bded13ac4edb6b1f55603610f81bb7f5

SHA1
69ee454435388f4e69285d5f97c7852b884231b4

SHA256
8eaae38d9715982c9caa0f9682c6bea7a9b43281e8632effee350c077127b235

SHA512
f3b0064430b1463f4ad412d05baeee3976a832c89d9077355e54b898317df09b5008e788c57bc853bc28aac513dacc277302cb230f31721e1e15f470e1472e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
18eedcbeb91d8c70aac9c3740d1092fc

SHA1
a2f22d31d2934ce9663b1f7ecb243757b75103c4

SHA256
ceb682931380e1d562eb8ce808e8b7cc4b52f8492dbb8ce8826d01c0827dbd2b

SHA512
27ef8e255e8ed188ba302258e1cd4047c122e213e18a8030dcea8e0e1794bdc413096d720e389a2a006e15648f4dadd538b8db5039c0b5f9d6c16b02f5fa7997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
98dc16ff9a940d081b091f759eeee51b

SHA1
cd935104c11c0fb2c12e03b0337336cf6c700828

SHA256
f244c51d0b0604591fc48ca35f57457f2239919bf7332f7383fe34b213962c0d

SHA512
5474879ecf902ff7df9b48c0dc49e158e4536a9b5c969078294f19a205459b5690b51bdd033ebeaa1899087913f384132f2162096b9d65bb35e434ce405b69f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
59f2a3aa57bc6f2e23091e4e94380313

SHA1
f1d32b5772b1c4322a478ae8d040fb2704597e3d

SHA256
da16d2bc658e9353c35cba3c4d1fab0c618a2227313f0a54e10c87a238a68926

SHA512
b5b1538bb2e184273b101180b658c7569c5cb7b63f43ef213f679ec9014df46ee66fcfe262986abab6395275e99a66d51527c6d62e29c4dd4a267417921eb9d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
e07b35c9a1d6a79372bee2378b5b4d90

SHA1
9e78360be371f830a7881b10191a1cb061397c42

SHA256
0e2a71a60d4eccf56a6f767242d191c46e3c24c84d15d3a9b1200162b9344907

SHA512
ce356adb2be7efae825c510c7fd630bd46294e3eaaf044e93734698c57ac37344eb4781008fe9d5fde19270d46c5e44d8f1cba8917aec48ece4d6f3a1c1aae0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SkriptGG.exe.log

Filesize
42B

MD5
84cfdb4b995b1dbf543b26b86c863adc

SHA1
d2f47764908bf30036cf8248b9ff5541e2711fa2

SHA256
d8988d672d6915b46946b28c06ad8066c50041f6152a91d37ffa5cf129cc146b

SHA512
485f0ed45e13f00a93762cbf15b4b8f996553baa021152fae5aba051e3736bcd3ca8f4328f0e6d9e3e1f910c96c4a9ae055331123ee08e3c2ce3a99ac2e177ce

Download Submit
C:\Users\Admin\AppData\Roaming\msvcp110.dll

Filesize
642KB

MD5
9bc424be13dca227268ab018dca9ef0c

SHA1
f6f42e926f511d57ef298613634f3a186ec25ddc

SHA256
59d3999d0989c9c91dae93c26499f5a14b837a0fe56e6fc29f57456f54a1f8a2

SHA512
70a1abb35bd95efc40af6653d5db2e155fab9a8575b7ae5b69ab3fbcd60925c66a675dac6cba57564a430e9b92f1a2ea9e912c4d7f356b82696ed77e92b52715

Download Submit
C:\Users\Admin\Downloads\SkriptGG.exe

Filesize
550KB

MD5
ee6be1648866b63fd7f860fa0114f368

SHA1
42cab62fff29eb98851b33986b637514fc904f4b

SHA256
e17bf83e09457d8cecd1f3e903fa4c9770e17e823731650a453bc479591ac511

SHA512
d6492d3b3c1d94d6c87b77a9a248e8c46b889d2e23938ddb8a8e242caccb23e8cd1a1fbeffee6b140cf6fd3ea7e8da89190286a912032ce4a671257bd8e3e28a

Download Submit
memory/1964-262-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/1964-260-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/1964-256-0x0000000000400000-0x0000000000465000-memory.dmp

Filesize
404KB

Download
memory/2956-248-0x000000007467E000-0x000000007467F000-memory.dmp

Filesize
4KB

Download
memory/2956-363-0x0000000074670000-0x0000000074E20000-memory.dmp

Filesize
7.7MB

Download
memory/2956-258-0x0000000074670000-0x0000000074E20000-memory.dmp

Filesize
7.7MB

Download
memory/2956-261-0x0000000077111000-0x0000000077231000-memory.dmp

Filesize
1.1MB

Download
memory/2956-249-0x0000000000C70000-0x0000000000D00000-memory.dmp

Filesize
576KB

Download
memory/4036-275-0x0000000000500000-0x0000000000565000-memory.dmp

Filesize
404KB

Download
memory/4036-272-0x0000000000500000-0x0000000000565000-memory.dmp

Filesize
404KB

Download
memory/4916-341-0x0000000000700000-0x0000000000765000-memory.dmp

Filesize
404KB

Download
memory/4916-338-0x0000000000700000-0x0000000000765000-memory.dmp

Filesize
404KB

Download