lumma | hxxps://dd[.]buzzheavier[.]com/f/GTg6BljpAAA

Analysis

max time kernel
1199s
max time network
1149s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
13-01-2025 18:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dd.buzzheavier.com/f/GTg6BljpAAA

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://joinmilkeu.shop/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 3 IoCs

pid	Process
4388	setup.exe
4604	setup.exe
412	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
57	mediafire.com
58	mediafire.com
59	mediafire.com

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3982764349-3037452555-3708423086-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3982764349-3037452555-3708423086-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4216	chrome.exe
4216	chrome.exe
4388	setup.exe
4388	setup.exe
5108	7zFM.exe
5108	7zFM.exe
4604	setup.exe
4604	setup.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
412	setup.exe
412	setup.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5108	7zFM.exe
1232	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe
Token: SeShutdownPrivilege	4216	chrome.exe
Token: SeCreatePagefilePrivilege	4216	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
5108	7zFM.exe
5108	7zFM.exe
5108	7zFM.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
4216	chrome.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe
1232	taskmgr.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe
3628	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4216 wrote to memory of 1424	4216	chrome.exe	80
PID 4216 wrote to memory of 1424	4216	chrome.exe	80
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4364	4216	chrome.exe	81
PID 4216 wrote to memory of 4684	4216	chrome.exe	82
PID 4216 wrote to memory of 4684	4216	chrome.exe	82
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83
PID 4216 wrote to memory of 2404	4216	chrome.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://dd.buzzheavier.com/f/GTg6BljpAAA
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffd76d2cc40,0x7ffd76d2cc4c,0x7ffd76d2cc58
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:4364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1888,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:2404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3160,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3188,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3712,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3808,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4060 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3224 /prefetch:8
  2⤵
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3376,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4836 /prefetch:1
  2⤵
  PID:724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4704,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5412,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4688,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4708 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4148,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5272,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5688,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4392 /prefetch:1
  2⤵
  PID:476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5992,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:4952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5528,i,10336810896745791056,9497253212655244182,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=5724 /prefetch:8
  2⤵
  PID:1692

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1112

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:224

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3628

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:5108
- C:\Users\Admin\AppData\Local\Temp\7zO4F35389C\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\7zO4F35389C\setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4388

C:\Users\Admin\Desktop\setup.exe
"C:\Users\Admin\Desktop\setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:4604

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1232

C:\Users\Admin\Desktop\setup.exe
"C:\Users\Admin\Desktop\setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:412

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\34b79039-e868-4284-87af-741f4bf8a7df.tmp

Filesize
118KB

MD5
9be46756709b555e747c69f09abcadd2

SHA1
95c549c66b1247dad4ee7c5975df522b503cebba

SHA256
491a865a482c3e017fb440e08c0564aeed76122ea4f6bfc1ea7a0fa72348b11e

SHA512
1541e38171fc337ac5922a6ccd3501d4dd27e52fd7d2d8ae227b938f24542dfc5c7402e175fe05414914f511a0d65d9bac16770b42b4153092b9bf33b35b8e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7ff83dbc-3942-4283-a3f8-2f32d92520fb.tmp

Filesize
118KB

MD5
662cf77487f99fc62e4b65740ff38280

SHA1
c6ba3c23065f9f9a421513b26d60307012dffc12

SHA256
fcd0ff0e5314a547d4b1ae1f881a243dde56c5ebfc6525cd9b83743826d5a1a5

SHA512
6436e2c07e483299ef9dbd6efa7ec4b0acb66aaefb1822cd321aece709d3e450c36fba8bbb5c60f2ee756b7455627a678734d8566a3aa60297588d4cfa61e907

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
1e7980929b492da664702c7bf656b67b

SHA1
227ca3f683de2538bda46dc27ee5631c9d9701c8

SHA256
fef58e955484c08c8765b39eef55d1170dbc78e1562273ab3f885573e73295bb

SHA512
b898430444d2b93186fd299006ff6660ba51643b8a4011e61c0eee9116d36f0b0e4cadffb66474ac85780630dbfe9f20d86c6f3e8fb85b60f2a1bb0fa1e216d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
247e322dbffb34c9d3110f13293bff05

SHA1
10da04df4336616d246183c985b4b8613fc4ce86

SHA256
ddb67a38f151d96a16b7b9e899510e55d9f39a2b7a2e65904c73aea7ed67e650

SHA512
7f7f13785c4898354e2db51a92b3e50ce629e5897a5fbd7b1b03c97ad8cfe3f1cb290c5ab5f456f5211f801f5e92d46b834c7e58f89d21e2e1681650ef66916e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
2a3e8370b656ef34bc1d40f1b7f04d7c

SHA1
e7669f8c124d8c533a071413370f3b1b1a7be6a3

SHA256
ffbbef5d12cdf6e86086cc6e3fee7282597364d58007b128386e9195f1ace225

SHA512
2840b8367d4323ee498805a82f6c5c4d3e99103917d05ee08b2885025a35d4474f43bf599ba5f6cfba44a81d3d1a190c6ff7480061bb766bd190d0a273d60ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
26e913bdd9aa55f8ec18dd8096051d84

SHA1
841d19ed3bf672d8bbbaccc119e256eb886a891d

SHA256
901acc4d42a7d0f20f5bee7c6f38d717a7242f2842116f3618d498208e174d76

SHA512
f32b96fd8481f460d49433b4f7469ea9eea2a51ac2e349fbbd1d90923fcb2f9994190644f5869aad8e9fd8daf229d10928fce4db4bdaa1d4d60c1b9483cefabf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
68186b232327e08aa86f9092505f6565

SHA1
21829553a96c0fb90c698f305d705f18f83fde9d

SHA256
bddc62933f7f7f5925f62ad9d8011a22faf97f2032b9e80f80ca23595a7bf9e9

SHA512
0f96e8bc06bfb210457d8798d79e11c6d6659008cf882207f019db900e431ffe180977c9a8c2bcdbc92af89c0f04ed7259944ec8e03fab2ee2ab2a5e0d3f2b2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
684B

MD5
1255ce43aa944354a5ce95c24cf56817

SHA1
33e1d0ffdcdf69c36baa59dc75e224b187000294

SHA256
ebde5449a970c5e5ca8b9e64ff8c439e3b1483f68185caf9be9e07dd90f4258e

SHA512
7036625131a257af8fec5ca1141e8834b6b605e10bc39e093f9e1a647bac3cd6cee877e75f8f382a3468758ef9baa0cd425551c84f9f68d508ebc16de21f79d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cc0510ee0e87f620704f47315c722319

SHA1
5ea54f1e5ba4b5f8a243e75a0cc13ce0bd215d38

SHA256
c3fa411bbc424da52dd686e6980cb56c436e75e4ac2a2e22a023e51e16e99f3d

SHA512
79ee86fc9368559cc3ac52a2b39e1cc6c03f856c35e4ec1522c0a6fb8b4a21696675490840565b660af94560737d2fcf1a290488e6129d83993a43e266658385

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
686B

MD5
62b5f25c79596b5e6a09cf996d18e820

SHA1
6683e270dcc4a566846a3e1295e0555f834bb531

SHA256
95f8e755595eb8d23310f3f7a2e1ace94d5bbba6d1b54212af5c3ad4d0b9c873

SHA512
03bdfd7640b774093b96f5d47ea3d5683ea621dab2be8bff13a0df8b4bb711831e664135b730bbe7f6c61d2e2472051f18fa3350909251f224bda5f30b544947

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3d4fe6a49b55f5c7099b9f57bad65486

SHA1
0e548ab3ff4d79517eaf86905b37bf7ef7cec434

SHA256
5ebe9b4b5b2428a2963d1972402fd0def0e061c84957c4539bee3e88642a6608

SHA512
ccda81043d0e01f2474eb0826dccdbd2279a78d781fd76d07423c6f876e1be4018877a7ce7498643263b5f0f4751e505856d6ef7047f4f98d934ce9af75d167e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f155ea828d934af6634201a01f1df108

SHA1
d03da7e7a7e28740ff1aa037c5e01f64286ab74f

SHA256
555fdcb114f9e0e3493609a1e5994bd488c8d9025fd6e43ddf71dc8d68e64658

SHA512
4c2f640d775af2df63653c2085403fda18c88384e01a7c8f0531bba25064ae617e1967c38d2bdc6da708c3a955b7671c08ecc792f9a23ee76b4ff80c06218e42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
311cbaf2a5d42d059abdf62ceb59e270

SHA1
8f3ee6c3711d1a8c2e5ab617961f463fbe089070

SHA256
08b18f2e830850500de0649ccb4254e83ee0f2cba836252f988c254f165c6877

SHA512
2d8b0deaa775158217fa60b3c84e466b9a704bea32ed5472e28af29bfb5c7c6414629e56c448be97cea1eaa7fbf4c70eb022d0bfa0ec73043243cd77bfb937f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fa851b47f5aad434ede1e086b4a74dda

SHA1
f595f22d0fb83e0270cd9757dba6228ebb3d0fe3

SHA256
9379cfb6a51a4d12e1086404fbfd8154951a37fd171700f2cfadc789f0a977f2

SHA512
a67dccf429208edc97332797db89f2ff912140e39fa81bb44c610762c4a6f889f6a49f705a9bb4831258850f48a09318a03404b8a765f74d56fae78cce92d08c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b13b9dba20a9c2662fb8b43e62b742fe

SHA1
58414ea8115f4e6fc4324c200eb99ed7be178a2c

SHA256
dc010b2e972f4a457c9c15a0d3d8577e9ec88e4742d888b1ec3afe77ea38a12b

SHA512
4bb0348296f908d09e57b8d0eb4ffd5f29ed76cbc96708eed0c735f5c326d2d40950cc36192afe48d883fbb95e99b8cbc61b3bc76cd6e679b18eb7169a896640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
88397dcd94c39938e056690ba7fc6bfa

SHA1
827d948f0581c784db39bd276433de018e52de6a

SHA256
3b6a96134e7ccc65de90950fea52cd912eec0986ec3b1cf1841a25cd4e7f4cba

SHA512
4a86d2e55fd4457a8a30e54ee710d8887fab689d0f54a29fe9a0fa92514647d7556352e9c0fd635384a965254e8e88746d40f31c4ff717830f78da4a4b563ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
657572cb7269d07418e3147b96743ac5

SHA1
e12b22ec646112184a33725981ac8e04b4ba2900

SHA256
fe0049518c469016b4a664ed3cfd10be29cbff92f1fe543be30a91d906357ae1

SHA512
ac785ef7b95f360beba3db7916e5e15031aab1fc55b194b7934034ec11a34c83df22b1585378634b1256a698f104143f32c2ee31a6c4db98eab57254c8fe8895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ae8a7271ef45b77ac4809e6007fac386

SHA1
85573deb3612b99960c73c6bdad0e6ec270d803e

SHA256
742a7f2d53f53cac9c011c7cbda768178cfa0a5d3421e396c9f423716aa46c64

SHA512
6e526913b98ecfad301926536dfbeae941216439d8a3ef876f0275f6b7e7ae684d26a6ddb5e290d031d403cb5e52e93ae08e9fe5561b4ff8ce556a94633ef12b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
a44b47ed6c7d6147b11e65e2a625f9bf

SHA1
1cd12585eff5270bf1a6b731b2843256627120b6

SHA256
d833cdf27c8bf2e4ff1093fd055d978daa93676bf68f7486722ac38fac139ce3

SHA512
9a8d352e7865cbf5941f89a48706823d58ffd7e1bf87b56d6f7e4f95b22e0a8f297172a4710942cce57b750760a710b8e7732596c419db47926bd56ff2e9031c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
3e6366d8dff314a17bb3e821545a050e

SHA1
c7fbab97bc361fcb52d5b82921061abcaf248050

SHA256
f1672d03a66d249b473d385b6aac36f0d08b12f888c349aab5ec21e4da5728df

SHA512
e30e6d6acc5573c90dfba797a09f0dceb53803a02b6a0b89dd0b2768d9542b7b1109302b81897f3eb3cd4cf2d2777d440efc45f402a6b727c97103e997a938bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
791e664dbae033b328976b199b74f919

SHA1
b1c0c64670f7836086d62e1cdf8f5542040950d1

SHA256
9571fd91393456171ea101b58608352d20151e36023c2395825ba85b9c24980e

SHA512
ee2b6074b7bdc794811cbefc09e7cf5c9dbb756f0e0e0e91ac8f90aba7de7780de4e4a4bb1bc416b36f0b3cfd2e5916eca74c8fbce9c6e94d6a997983288f843

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
740b478513fd23e5433777ff9e477d1d

SHA1
bf41d6ca1d27575b67ab2c6772fad9f20702e8ee

SHA256
61c919220876de369288272d64bb10661bd0fced721cb29acc61293cef93ef03

SHA512
6e8e58c26c5b8a36057058709f1df3d44787aac744a1273851ce250a2197d2f3315e479a062130581ddba1ee681b6b4852c3769aabe778225012e461efe1f644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\d7b69906-0309-4385-bbb1-da42990d56d7.tmp

Filesize
118KB

MD5
39e9bbef4d4a9d2edf93ccb934b2847d

SHA1
b599208aacb5410bade6c87b3d32ec6f0231ab32

SHA256
5202a931ce075d4fbb93c0eae2f115cc50cd35826513661e05d4b32324d0e2d6

SHA512
a612a860b350e32d370784c72d41b821d8dacd4732689a0e2b29f1164ac0bc8cf7ac55a57598dbf23df04dfb276608cff00bd1f75b24d1432ba721a67dd254e2

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
58432cf844d900ac5417eb22e4a04cf5

SHA1
86eb82c4ddbe914750d3381fc3835cf47d68adab

SHA256
45deb5ee7fcac3f20266b0df9550fa7967cc475d1aa9e42a691b51d093f8d7cd

SHA512
4d79f57870a40c647f71b5b11f5466f1e3089c402fe17ff40e6fa53b7b892de23bf4e68400485b624cb4e564adce41cf22c8d6e02936bb492ae4e0c0a5a91953

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
12KB

MD5
9bd01727f05a70fe77800e2c8cbdc7ab

SHA1
9dff18b494e59453c2d939b0e81a3aa761d5b5ac

SHA256
3b89967d08e8f1a3d14965f9cccf28a03cd8aa94eda85576524ca719b45d0a8d

SHA512
e2e33d57f4ffca9358ec725e570f152de5c3ac3f94a890d2d6c6f95e967eba8151d4ff7f4cc585d7892431ff702a2ff70f8799805487c492a8d1cddc1ec3e965

Download Submit
C:\Users\Admin\Downloads\!Ǵe𝔱-Set_𝓤p--6338__Pǎ$$w0ɾD#!!.zip

Filesize
2.5MB

MD5
5fcc6cd0c2a572f3fcdc2a8b6c8fb52f

SHA1
09c0993f6064c63048c3987fd3c163690d48d0f7

SHA256
58649a55313f30c10f2b1c43e166912026dfee3964697473c1d2120aaf8aaedd

SHA512
ecb09bfcc0c06594c271a1aaaedbd8adc284cfd0b0cdb4d46177afc5e50727109312249070b1a782f018506970bdad7a5e1b0818d7a09692a8f950df9f947042

Download Submit
memory/412-439-0x0000000000400000-0x00000000006AF000-memory.dmp

Filesize
2.7MB

Download
memory/1232-433-0x000001D008E90000-0x000001D008E91000-memory.dmp

Filesize
4KB

Download
memory/1232-421-0x000001D008E90000-0x000001D008E91000-memory.dmp

Filesize
4KB

Download
memory/1232-422-0x000001D008E90000-0x000001D008E91000-memory.dmp

Filesize
4KB

Download
memory/1232-423-0x000001D008E90000-0x000001D008E91000-memory.dmp

Filesize
4KB

Download
memory/1232-432-0x000001D008E90000-0x000001D008E91000-memory.dmp

Filesize
4KB

Download
memory/1232-429-0x000001D008E90000-0x000001D008E91000-memory.dmp

Filesize
4KB

Download
memory/1232-427-0x000001D008E90000-0x000001D008E91000-memory.dmp

Filesize
4KB

Download
memory/1232-428-0x000001D008E90000-0x000001D008E91000-memory.dmp

Filesize
4KB

Download
memory/1232-430-0x000001D008E90000-0x000001D008E91000-memory.dmp

Filesize
4KB

Download
memory/1232-431-0x000001D008E90000-0x000001D008E91000-memory.dmp

Filesize
4KB

Download
memory/4388-411-0x0000000000400000-0x00000000006AF000-memory.dmp

Filesize
2.7MB

Download
memory/4388-407-0x0000000002E80000-0x0000000002ED2000-memory.dmp

Filesize
328KB

Download
memory/4604-420-0x0000000000400000-0x00000000006AF000-memory.dmp

Filesize
2.7MB

Download