lumma | hxxps://dodi-repacks[.]site/baldurs-gate-3/

Analysis

max time kernel
300s
max time network
292s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
27-11-2024 01:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dodi-repacks.site/baldurs-gate-3/

Score

10^/10

lumma discovery phishing stealer

Malware Config

Extracted

Family

lumma

https://powerful-avoids.sbs

https://motion-treesz.sbs

https://disobey-curly.sbs

https://leg-sate-boat.sbs

https://story-tense-faz.sbs

https://blade-govern.sbs

https://occupy-blushi.sbs

https://frogs-severz.sbs

https://winterchill.shop/api

Extracted

Family

lumma

https://winterchill.shop/api

https://blade-govern.sbs/api

https://story-tense-faz.sbs/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
A potential corporate email address has been identified in the URL: #Pa$$w0𝑅D-7093__Sat-Up@!
phishing
A potential corporate email address has been identified in the URL: #Pa$$w0𝑅D-7093__Sat-Up@!.zip
phishing

Executes dropped EXE 1 IoCs

pid	Process
4672	Set-up.exe

Loads dropped DLL 1 IoCs

pid	Process
4672	Set-up.exe

Blocklisted process makes network request 3 IoCs

flow	pid	Process
214	3580	msiexec.exe
218	3580	msiexec.exe
221	3580	msiexec.exe

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 4672 set thread context of 4576	4672	Set-up.exe	117

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1512	3580	WerFault.exe	119

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Set-up.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	more.com
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	msiexec.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133771434130742941"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 15 IoCs

pid	Process
4956	chrome.exe
4956	chrome.exe
4672	Set-up.exe
4672	Set-up.exe
4672	Set-up.exe
4672	Set-up.exe
4672	Set-up.exe
4576	more.com
4576	more.com
4576	more.com
4576	more.com
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe
4264	chrome.exe

Suspicious behavior: MapViewOfSection 2 IoCs

pid	Process
4672	Set-up.exe
4576	more.com

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4956 wrote to memory of 4036	4956	chrome.exe	82
PID 4956 wrote to memory of 4036	4956	chrome.exe	82
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1084	4956	chrome.exe	83
PID 4956 wrote to memory of 1140	4956	chrome.exe	84
PID 4956 wrote to memory of 1140	4956	chrome.exe	84
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85
PID 4956 wrote to memory of 1384	4956	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dodi-repacks.site/baldurs-gate-3/
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc1d58cc40,0x7ffc1d58cc4c,0x7ffc1d58cc58
  2⤵
  PID:4036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1804,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1720 /prefetch:2
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1740,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2248 /prefetch:8
  2⤵
  PID:1384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3112,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:2732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3120,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:2548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4776,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5044,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4660,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:2212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4872,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5224 /prefetch:1
  2⤵
  PID:5012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3532,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3164,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3864,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4428,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3144 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5480,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=208,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3308,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3320,i,2149929990840375315,17306683931541690219,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4264

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x474 0x33c
1⤵
PID:1668

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2808

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3920

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap21848:112:7zEvent16255
1⤵
PID:1328

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap9489:96:7zEvent19395
1⤵
PID:3540

C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe
"C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: MapViewOfSection
PID:4672
- C:\Windows\SysWOW64\more.com
  C:\Windows\SysWOW64\more.com
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: MapViewOfSection
  PID:4576
- - C:\Windows\SysWOW64\msiexec.exe
    C:\Windows\SysWOW64\msiexec.exe
    3⤵
    - Blocklisted process makes network request
    - System Location Discovery: System Language Discovery
    PID:3580
  - - C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -u -p 3580 -s 1448
      4⤵
      Program crash
      PID:1512

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3580 -ip 3580
1⤵
PID:1488

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
14e4a53974a5140a7c39bee1b33c5833

SHA1
a5b2ea8d9f8c87e090465180a39c3a09535322e4

SHA256
864f525a8ad2b503e52b2e3312ca567ece40611525f2a8bb8de3b0a9918b2037

SHA512
13908d7e30ee14fe66b6f8cd51ba6d785f5bfb65114081689863866c51ad7481c891fa1afe92fd6602e88b22dc29029d28e7b2c109b655cbfb4800a8c07a1d55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
984B

MD5
d8e2772458e5551b420534c6f1c0f9d6

SHA1
66ed2ff3dd80c2a15f74777da60954ba7c1ce080

SHA256
99de50900904fbfd20110a1c5320f00b15d8fdeb5428b031fbbb3fa4c35e6312

SHA512
00290ef5933c4805d53e4e979c874d1ff8ebb12db571681cfcfe10703c000f73c1577cc96831da893d55e7bf719f8f2770c6938103466e62481ecd3762c7e7b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
10KB

MD5
f42435491e7400ad75ddeb0faa4ad4a2

SHA1
05ccd9d9b1cb1faeafffce61cba5c863150bf448

SHA256
5749179ddccc710e21a685a29f240a3ace3d807a481888749a052dc9aabfa2b3

SHA512
882c0a5e9c1086016734eb7622463fcd1601653f2e10f3ac7b7477413ebb78406cb4f7e58ebbc93f315ec2d2d4c59e247225a88d2511a053f2416d7a4fbd0cf3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
af5ed9e1c006270eb693a44642b88162

SHA1
b21602663c910fdc7be218cbdbf9f1e092d1a48c

SHA256
2accc3a286006af2a837f211d1f25e8335971e278e112a11e170a8e1d9ea8f01

SHA512
7331cbe4b1f2192fb69e12e7f55dfac58510d258b9d736ef7a864c33609bb7c5970a227101ae5b6da7d2fdc6c37508d0f0ed4e87c6ceea5a4ef38a58ce7b6c16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4b65cb67b044794606abd30757f5fb89

SHA1
41a29a2c857eb731cf5392135ec6e315196bfd65

SHA256
eaefbb3f3869c04b4c9de9c94081823df417a4470c730730172b4025019356bd

SHA512
066728d7b8d0ea5260813175cb039727951b5156bf362f01ca03caa2b1ed4878567447a9d25c5130f92262ea0d23131543fab2414919334597aa52ebc7875cf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a71f1201045ce288e85a25113e25abb2

SHA1
8fde25b367cc45a6c1a852d831c1d6ae8513b44d

SHA256
1be69bbe3b5820e3584b5756761141375b18c2a987344506f0525f3c5940004d

SHA512
31d3caac4bf98754775568fc1a219e46099ee80e475646c80e2f0a8fd22119199f432419cb164d0aa240b7c13fa259f5e50a958a8f3602e94d76edbf9a58afff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
3844533a49d36b09eb78e302778d1e44

SHA1
39b8845084a3a76b6d9e3e859360b4337c3ffb04

SHA256
57d35c5902f59ea864b553f4a4a98c196af7f8b3bcf272f66278d19617b38628

SHA512
afbdffca5348f4e0e78af9c0123b04c6e89183d2828acb282608db3bc2b56e7ff29e1c08062bd5ebf19617c40c01e97addedaeb81f452b5cd82f46437b4afaeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e052098f23a4da792c8976f1c35fac34

SHA1
376f1fb324223d32a84a279825933828761b6195

SHA256
547b4dd7c6fbeeb57d7d6196ca3dc9ca809b7a706c147d2d294b2ca7b613dc19

SHA512
8905b0d5ac7f13e4b060b3bea14300caa5d538840201134838fdf3e2e89e4a373c7cff84a07361f6eea70ae5b75aa48af7e77f424565d4fe71e623186f6c6774

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f501539603f2247387d1eab719d3462c

SHA1
5b70066d5f45d55a6e0b568814aed5adfefe9357

SHA256
82e0ce79fc5eb87b092090c793a1efea695c2eb4bb971d6b7ed418f820968273

SHA512
85356e74ddac9c57c1d99c9c0678c679b130a2e504ad47f4bff0b4a8127af111334c0c8d8f13c32426217e55c982c68539bd34c24e2a51a9b03cdb8dbdb81b79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
2647bff6f1f9e86e43186c3b608f3eb3

SHA1
e2289629d5a5762200fdcbd026e17f02b43a792d

SHA256
42d7cd146cb473c05a210e8ffb112efbc0d90db3494b778029aeb6746efc30d8

SHA512
ddb3620f370bcf90dbbf8e32214f58a3b398a47041269d1a19b94a244b69a00aab3d020c9abed5d689ac2a700daee00ae21694d209d4027585e37fe168d79acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
501442f5aa2768421b9a76ea61fba84e

SHA1
92e1b40f677879d27fb66d565f0e3ff5b87ac64f

SHA256
b69c602f90d846a3278fa30cfb2d3fddb0791f92b951e3db0b8c0ef8f5973624

SHA512
c1d0a4e61af69988eeff9507ab19ccff5d4b70fca3af5751426b3a486f5635619b1392f59a2df3d327caf964b0b001b0bae5f671bce5bece61b10ce3bcfe60db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ee9beeae3efda6b44105b1b0878a13fd

SHA1
925e10a6fc3431baa8e9e8aa84cf4a38e60738f6

SHA256
77f04eac6867039c014554fa962dfc23dc4f5b3b0f8f6dfcdefa63b0014eac6f

SHA512
8f6c1ab86532abf50272317ad96561a29ee295b3735df72c4dc56d257902687ce941e2c16110dd000dde390212e65d72e0a8c310ae61753e33fffaedda6c7054

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d5292a77019c4cabeddfeffc785d7f44

SHA1
c26858aa6f041dbc31cc9a37d29a951572cb53bc

SHA256
a7d90a1e137ba3d363cba63932abacbfbaffa23d16b78da90e596c34f3ed1960

SHA512
8f27a393071bb50fae3c4ce7a489adb042a6f8dfd6817a22d88952e47cc59cd501acc65dac4cef8da080e53f59dfbdb33fb5b7fbb3908ee92db51a038bef7882

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
bc2e106a8e2afd80eda86fdc49a48bec

SHA1
46600f85dc929df65105a3d39749153c97f81308

SHA256
2ffb4e4a2f43e785e2c5d4cfed801f5047f6ca9f88d6102784ac1fc40677a07f

SHA512
47d6426eea93de5d72801674b316bd68e60c4b397f85f45c27d61f4b0ab6c600b069633ad1659b66ea596898c1901b71f65cec04ec6648a3245280ada012ac1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
49e433890ea57b6af24d630854ca3d0c

SHA1
064208773d8bd6f7b423be57ad78a80d6a4af7d8

SHA256
8465579d2d437fe1a92d095b1783f15bbb7004566fd469b1eee09c5d4ce4b7e1

SHA512
8516bdcc80dc796ddcd6f6e8c7972bb9ae327cb5964ee6a4cb03d2f366f71d64afbeb8c0e7c277ce4ef8f001051bddf63b481c5e042849008903cde1512e5375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
fc4cd8a7d1cabba1147e6d29234d4177

SHA1
0af2bd4d41634a3ff1cf44d8170e41820002e685

SHA256
f7777f1f621f04a217da0a87c002fc2308d03234fa4df5641ca46828041d9294

SHA512
7535b1276c1020685bad6ff73276050f56ac9fa67fcd4eb58557f481037b6e38f063048f280617183701e989148d9e8a8d72847dfee71ec06f8199626aee8599

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
b47ccba3a6a633972eb1401619f7ef34

SHA1
fa89fbe62afc90b1f63f038ec9ee57351dfe5db5

SHA256
2861994b530e09c0cc80c8728f24f91c065b34500c7482ca3224873bc3afcdfb

SHA512
234beacb2709fe8eaed6e59937567f68ed8891ea026b97195e57399b5cbd605b52052afa69d2fa83fc9e64afff4f04d639d1f5ef73bd0260e1d3bffda712526f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
a3e389085c4f74037c7d37bdddebbb28

SHA1
e042ab0b471f6501163aa3197263681df05153f2

SHA256
ddce58c84e55bc36292970bd31cc88d369e017c3dca57f497789d772e0eef610

SHA512
54bde21d926616a27e3a505db1f14cc40dfe4b8afd60367a154821cde8191098a463a91642c34a633e6227c1b1eefe593ca362becfa99d744334c1c74e5c2903

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4558c4fb5b2b2d22d9769e4d1fee6958

SHA1
57b1caec082c5df92e5556021d98845b08f3a36e

SHA256
c952cb104f4c81614f98b2d26505984a691f339e85f1389db4fabd44b02fe506

SHA512
2f747dfae0ad712b6251e621ce0aa711657e940e927a7bd11a2d7317752e651f02a041ca0900694781f28a32b7fc11739796bfa9a54d99360484f50cd2958e71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
61aee2ea85a1f6df7b221105ec3fa137

SHA1
257bbde88fba6074e07ac12091cffaeae8ccfde4

SHA256
d84a3df17ccc6033dcf480dea19020895ba80832d1869c6c23b3368e7af4f93d

SHA512
970cf24fc4b58643ccdfb4b6749894b45d50a062b579adec2c066c7a4ad1a2138f925888b4fcbe1f1689757acbd2cf0063e25bc29ca2aac105b4c945c2b34b65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8cea5d7854c631cc6ae96ed608cd555a

SHA1
b3702ca59edc856d1be4593fcd6e296f5606ddb6

SHA256
56f27226e7b3cc32ae7ef92ab28bf510c6ea65eb67c81e13d47c3fc666e24cdf

SHA512
a020761de9714eb51b6fda25cf3af3964ce3aa124f18b9c07a1e0cc2c9d3f7879b269b7017ac61e8caf80e45d808e6f3e4217201e1be6770d80be488e68920ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
57fa1ddfbed492977ae447236b6cfb74

SHA1
d655bd8097606caaded1b3140402a7863f5a4f38

SHA256
d06ae9285312dada5e45d5b854933be0b9f19ba16b70d21bef6f0b0020f127c3

SHA512
f5413cb0bda905b5120af6530c4946e2d3eb6189c52a6870d08475fafe445ab41456ad63ff4da446741d52f3f3bff858c4a1629b41a2a83645f1e193124dbf59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
c6c24cab08edd198ed5b0ce713c4d75d

SHA1
769b03a80663a8eb12d695dfc625659cf74eb2f2

SHA256
4ff79261025dd306166666e4177edb5d290fe6efe3098d2d1effbf0bcabc04ee

SHA512
f0b16d2602db2ac7c9f0f04b9601f7f03af4b9a31c4bdef57ceb2d1a780785ec03e70a912ae330b85bbe592eff30f004a6cabaf35b23a37a10a43fd1a2ad8bc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
4cbc5b7bedf9ac3b70f42417d2b357ab

SHA1
0afe9c80ff13c9f875e2350687492a93235cf5f6

SHA256
c66a3f4a9b8b3839ff8be1df9cf0dc1f0d0274d318a26c702be3174f692d2405

SHA512
b8fd6647d92f26a7b34634c9e4481cd227171fd4730ea3cb261a50b1e2e5ad425fa69c315d0e251a20032da3f3d9b9cd5db330b5e09e0f2a31660170d1467be3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
362e2c52bd2317957d1a40fe1a6ec9b0

SHA1
8b6fd90cb4972f611fecbd858251cc741cffd034

SHA256
074549ed49e64d28ab2e1bc96775825d1b029626275ef3866b129b4b392cd695

SHA512
fcf34eef3fac67517a1987379d9b989f0f423c051256d0985f2cb4ca53c3ab835294998926551ef27f72f461104bfd9fc76a5fc5f55f48de6b42febae1e45e2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\80a5e5d3

Filesize
1016KB

MD5
73a45a18166a71cace4d324177cd6686

SHA1
fd0ce3323cb5882689edaa418b7db32f92491f18

SHA256
35cc13e1b7ced1a8428cab4465bbb2aec53b3ea449b3b01b353107a4873415cd

SHA512
7654a0d19197e36805e2ec2aee45a44894c5bd3b2ebe681b1cdfb91076427e897c19a7ba3d6978a346e186d867cc4da3d2d06edd23e1ef4677857927eb3efef4

Download Submit
C:\Users\Admin\Downloads\#Pa$$w0𝑅D-7093__Sat-Up@!.zip

Filesize
24.3MB

MD5
fc9409e5459a8e074b8663b875725f8f

SHA1
9762782564b9aebe97fb63a4ac2aede793c0e6eb

SHA256
bf37065a1e0336445e708b7e99dcee8e53758f35d58496e193bdc6adcf910977

SHA512
c8a4aff5821b72335d6592e54f9a323465f9f61a515a3db8650aad239cfa22948e43dac4fb73e4f112335666a7557cbc15df52963ace262d939ebe82015307c0

Download Submit
C:\Users\Admin\Downloads\#Use-7093-to-0pen!.7z

Filesize
24.3MB

MD5
6483f3aa31e0eb9b988e092eef4ddf6a

SHA1
3220e78b4278ee9a0912f53f9a1fb423106312c7

SHA256
21ac04b5927be74b8f96aaa720697ef60e4aad86ff16bdf10b4210370aeb320f

SHA512
962dfb4526402530b81453e56bf1017a6bfb624063963121adb29cb58748e8980a917bbe7383e540289a5801c94deef239f577736f127a2ac71e4f943845bc7b

Download Submit
C:\Users\Admin\Downloads\SatUp-Here\Set-up.exe

Filesize
1.8MB

MD5
098ac4621ee0e855e0710710736c2955

SHA1
ce7b88657c3449d5d05591314aaa43bd3e32bdaa

SHA256
46afbf1cbd2e1b5e108c133d4079faddc7347231b0c48566fd967a3070745e7f

SHA512
3042785b81bd18b641f0a2b5d8aec8ef86f9bf1269421fb96d1db35a913e744eaff16d9da7a02c8001435d59befb9f26bc0bbfa6e794811abf4282ed68b185fe

Download Submit
C:\Users\Admin\Downloads\SatUp-Here\WebUI.dll

Filesize
15.6MB

MD5
cdf6f41dd30c6024085b4d16ac265797

SHA1
befc48b8bf7fe9e005190ac242835acda96efa68

SHA256
2326376afbfacb1d8067bb924cb5e9588b4bcfcb1f11c3c555cf1272c0307e76

SHA512
deefac51048876fb38f5b49eee7235b958c86722dd8f39697340e64d091f2a94b7381ca557add09a90713b7dfc5989a12c6a77d6ee382265bb01433078ce3f4c

Download Submit
C:\Users\Admin\Downloads\SatUp-Here\ajq

Filesize
779KB

MD5
d4c0c5c3498525dfe1a1e467d04adf70

SHA1
1fada9db19e76219a2a1ef23286458dbd4fdf6aa

SHA256
2fe1ce837938166c23fcfd05f50c3337ec8da80e452996f11d7f2e419db29099

SHA512
20d8161b0eabb601340345224388598ffb46e5cf5849fa3b61e009dc2bcc05a7b744c97fbf3f10a00532be1055e54aa66b01a2a09ee0f8111e790a20b498632e

Download Submit
C:\Users\Admin\Downloads\SatUp-Here\xlnwtea

Filesize
15KB

MD5
20aa873838ff8d9e189b8a3a6c77dcbd

SHA1
bbdcb50777870c61b76034291e10d4c06f10e643

SHA256
52ef82bbd07c36431181fd7311f1a7fa5de07401cba3ab2786220356f34b56da

SHA512
db0a6736912900db9822eeecc88e1f953af128b32b14f02d76262f2195e065088279f44302967c40e67a1632967a55579191f3ffb3f6f79c84107ffa9ef432b9

Download Submit
memory/3580-745-0x0000000000F90000-0x0000000000FEB000-memory.dmp

Filesize
364KB

Download
memory/3580-746-0x00007FFC2C1F0000-0x00007FFC2C3E5000-memory.dmp

Filesize
2.0MB

Download
memory/3580-748-0x0000000000BE0000-0x0000000000BF2000-memory.dmp

Filesize
72KB

Download
memory/3580-747-0x0000000000F90000-0x0000000000FEB000-memory.dmp

Filesize
364KB

Download
memory/3580-749-0x0000000000F90000-0x0000000000FEB000-memory.dmp

Filesize
364KB

Download
memory/4576-721-0x00007FFC2C1F0000-0x00007FFC2C3E5000-memory.dmp

Filesize
2.0MB

Download
memory/4576-722-0x0000000073090000-0x000000007320B000-memory.dmp

Filesize
1.5MB

Download
memory/4672-697-0x00000000008C0000-0x00000000008C1000-memory.dmp

Filesize
4KB

Download
memory/4672-719-0x0000000000400000-0x000000000061B000-memory.dmp

Filesize
2.1MB

Download
memory/4672-717-0x0000000073090000-0x000000007320B000-memory.dmp

Filesize
1.5MB

Download
memory/4672-704-0x00007FFC2C1F0000-0x00007FFC2C3E5000-memory.dmp

Filesize
2.0MB

Download
memory/4672-703-0x0000000073090000-0x000000007320B000-memory.dmp

Filesize
1.5MB

Download
memory/4672-698-0x00000000733D0000-0x00000000752A4000-memory.dmp

Filesize
30.8MB

Download