lumma | 0f6481dabf7871823f259eb95f3b85c37d1de8a7d1884ac77a97d887cf96f75d

Resubmissions

14-01-2025 13:58

250114-q91jhs1rhp 10

14-01-2025 13:55

250114-q76bzszlay 10

Analysis

max time kernel
149s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
14-01-2025 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TempSpoofer.exe
Size

393KB
MD5

3c4161be295e9e9d019ce68dae82d60a
SHA1

36447fc6418e209dff1bb8a5e576f4d46e3b3296
SHA256

0f6481dabf7871823f259eb95f3b85c37d1de8a7d1884ac77a97d887cf96f75d
SHA512

cfa2d491a5d28beb8eb908d5af61254ac4c4c88e74c53d5d00ae15ef0731df1654304199996545d1074814c0ea8a032957b28d70774f05347616428e667f70e6
SSDEEP

12288:ndoOphZgRZGJZzu/aeZjl5FeBTCVpgTfR:ndl/QZGTuHhjFe1C3gt

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://sordid-snaked.cyou/api

https://awake-weaves.cyou/api

https://wrathful-jammy.cyou/api

https://debonairnukk.xyz/api

https://diffuculttan.xyz/api

https://effecterectz.xyz/api

https://deafeninggeh.biz/api

https://immureprech.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma
Downloads MZ/PE file

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
178	raw.githubusercontent.com
179	raw.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3276 set thread context of 2240	3276	TempSpoofer.exe	86

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TempSpoofer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	TempSpoofer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133813365546705099"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe
408	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe
Token: SeShutdownPrivilege	1400	chrome.exe
Token: SeCreatePagefilePrivilege	1400	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe
1400	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3276 wrote to memory of 2240	3276	TempSpoofer.exe	86
PID 3276 wrote to memory of 2240	3276	TempSpoofer.exe	86
PID 3276 wrote to memory of 2240	3276	TempSpoofer.exe	86
PID 3276 wrote to memory of 2240	3276	TempSpoofer.exe	86
PID 3276 wrote to memory of 2240	3276	TempSpoofer.exe	86
PID 3276 wrote to memory of 2240	3276	TempSpoofer.exe	86
PID 3276 wrote to memory of 2240	3276	TempSpoofer.exe	86
PID 3276 wrote to memory of 2240	3276	TempSpoofer.exe	86
PID 3276 wrote to memory of 2240	3276	TempSpoofer.exe	86
PID 3276 wrote to memory of 2240	3276	TempSpoofer.exe	86
PID 1400 wrote to memory of 4848	1400	chrome.exe	103
PID 1400 wrote to memory of 4848	1400	chrome.exe	103
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 2044	1400	chrome.exe	104
PID 1400 wrote to memory of 4580	1400	chrome.exe	105
PID 1400 wrote to memory of 4580	1400	chrome.exe	105
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106
PID 1400 wrote to memory of 1216	1400	chrome.exe	106

C:\Users\Admin\AppData\Local\Temp\TempSpoofer.exe
"C:\Users\Admin\AppData\Local\Temp\TempSpoofer.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3276
- C:\Users\Admin\AppData\Local\Temp\TempSpoofer.exe
  "C:\Users\Admin\AppData\Local\Temp\TempSpoofer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2240

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2128

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7fff8a4ecc40,0x7fff8a4ecc4c,0x7fff8a4ecc58
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1936,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2008,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2100 /prefetch:3
  2⤵
  PID:4580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2316 /prefetch:8
  2⤵
  PID:1216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3340,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4568 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4844,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:4860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4452 /prefetch:8
  2⤵
  PID:4492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4896,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5196,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5200,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5012 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5036,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5132,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:2
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5600,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5584 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5388,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5320,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3416,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3456 /prefetch:8
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3388,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3352 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5960,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  PID:4272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6072,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3300 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5804,i,7548033753564433018,4240037629072470210,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5936 /prefetch:8
  2⤵
  PID:5292

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1276

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2068

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
5f2aa84c3b61ec5e58f2b12adf324ee1

SHA1
ec9e386ebefe50676f1443be1796be3627f770e9

SHA256
a07213e228490684d467f2a4a32feec92cef5cc80f271a5ebb6527eede66bdb4

SHA512
35d20ee33e387325d6ea24f383200a9538cf8a4ddcdb8a70af5e45391cf1ef715d011e17c96c8ca0947420829487d1059e8f99129a357bc7d8c6023567d2f20a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
240B

MD5
6c96f2ef55d6518386ea44d3b42f2d01

SHA1
7b1ea6cf08370e0b9138554de83b6d8353b0242d

SHA256
d1470712c0453a044e2808b87c13266dacf8296145b5f99c4284b71fc774e0a8

SHA512
f6eda229937023921320d4a777ef6831673a16dde7e0b30e2c190779d4f2ebc22d5f915f730ce4eaf08752a00f36f7d277405a8cc11a603a30636623f3d65ee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
43d50ddacba5a503cd8a778b79e203c4

SHA1
5dd27627c52dd0fdf13c60cb7a152f73971168d0

SHA256
9e09b43c27858d6c00f6cb0cf057208ca98135dabfa4d950fca9e9c14bc522bd

SHA512
6c49358da7657efb671f90685045b290eb91bb220488f7f42d0e3dae3bbf1160565ff31dbe6334a38881d9cf52fa93b3e8a4a85097757fd87a9812ee20d9bc13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.85.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
d8985bf26054d316f1e842be2dd13132

SHA1
8932acfb683b139c599e733f21812b6c8994bdc2

SHA256
480ea72830f02634d41cab2b362c5cfad30b2a04dd4bc1120508925bd08f4e84

SHA512
792dcbb8eb603b3b2cd21e734953382aeb4997c0c52bbde238ae4ac7a680787da482d215e305ffe1629fc524c90ff2ebe5d457b84ed153eb63953cb2c37001d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
844c606d2c7e3961bd480e5d36adda43

SHA1
9c584a6c4815d75681bdf7821b777da507ebe7d9

SHA256
0e259b9f1c554ba54b4b1d71add8cba9008fb1f9783419d0b998dda788237b14

SHA512
2dc8360568ba420164c531613b2ed1abeaaab1bd47d14e8a2dee167bf809ae35d889a49ccf78e7a3f455f074d74bcc63902321249df900fbba73da4e8ce006c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
f4cce8ad33d29c61fd4234921821a5ab

SHA1
d9e98e850ee3211cf313232dd9f4fd1094581f4b

SHA256
3c73be80e3805c26a051911255a756987b7095c29e9f6fd356dfd37d118f131c

SHA512
ea9941b4a38e9ad15be4ee06c5e5d77f35e2bcbca7874c48d1d0f64d9348f46ad7b6c326c8afa78fa3fcb22f758b05642c1176ec50b15192b6e5619935803910

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3a7957cac25e4263849b6ed4beb83ee2

SHA1
b51046347280519b005c442b257d3d5f6dae39fb

SHA256
603130f6cf97fa0cfcea74c0fb5c83d31d33fdfc87cc7e1d4cd240794087b9ed

SHA512
3c11712c041d338375245f7964df628e0fe10eb98cba3f7832b36800f6fdb145fd266b520e74bc81709558337949bfd6be354d258e923f006b6fc56d4c0d82a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
979a29847f3a8c7784dd768610d5d979

SHA1
0cf8a8c416375f1a2f9917f5291e3ec8b7e81d9d

SHA256
7b393ada661730baf9a3cc5f4bb6c38bce002a24e14872dd2c81d6807cd4aaae

SHA512
e9babc408bb3f67f803e3a710612bde34efee2d5b84761e0b0a44880828d569ffbeb8db1cdffb57f7a37c76e678469e03f8a6c636b46e6257935cf3e46e04908

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
a17b2614846842a8518f6e6bce78b70a

SHA1
20fc99415152c6aee127650c1d3859381fbc02a8

SHA256
189f428414c7e8422d957ea27d82a5a7e884ba87352c055991a88cd236d8f652

SHA512
b835f7c15b2129b8baebfee297096b042887b59bce7c8eaa117d2b2b38680dfd25d3a040355462f216355c5a7b5c277ab80b2bc6faa9780095bf6187ee1b4582

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
7bab86f65b03f680f6d3420377127882

SHA1
8115a3e585a4fc82268af8eb5f84de576d4d8afa

SHA256
d86d299bf718bf57cbf57a326fcee2194322a6b294111ade77dd16382f528716

SHA512
93a91e329279b2cd839b9183a1bb97c6cb7e6a76ee21ad18c40b338114a6838f720da17d800e0bfb0143e58fc350716186452bf41bb1b7c43fe4c7165610e694

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
53c0cd49d471a909f5c5bb67d14444c0

SHA1
c7b964e2710cab49ae4924863f5a35f5b964648e

SHA256
8e02053b439787c2089af4501f187f3f263946923ee271fa81eacc87838c1cd3

SHA512
3daea0400d67e04fbab1463643a3df793361a8212adef990b5c74257a9bca6094b759e1972617cefefc58a5689238b157493a3a830384e566e4c9215d4026b1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ae41df00332756b508e639f55a5ac93b

SHA1
69c4537b2e1af7976e4e794c8c7ec07a2986bef5

SHA256
2909275457164d25ed54818b8a09d5b9dbd0eb789651596353b21d8cbdb8113e

SHA512
a111fa1d5456a7d9c743b1ad691f9dc2ae969a880483444b62ad6aca474bba2e02d54dada7b33d15152751ee1dbea9aaf3314e9b1c3d0422e58839dd079efe60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
32764c6608d9c2c7aee2c62859c5f5df

SHA1
a8f9d8c6fe18bb6a6d95957f721f4bcca48c5ef4

SHA256
953182d20b0fcd0d5787b2bcdda943b490973dd9d741cb81c89fff59d36b326a

SHA512
c7a5506ccd1061cefa3e5fac95d00486b50a6a461db45425e81acd9208e1b0adbb74e94fcb8c8485da67224a4593c8ff0e6c2e51687c5959f732de15cdfab550

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d185d4ffe3736abed519be2a060a6150

SHA1
923172ccbcfa4e474eeb4b46f00aee248f8361aa

SHA256
f98dfa2b608aceccb496b585d20139096a090915210a79f61744e7bf19c8aeb4

SHA512
6214b34f5b2afcfd92641556bf555f1331acdbebde513afce3546f3fee498ad3b924b2e3387e102b8782ef1e251322278ad7445e66fb83f11b8ade359ba22012

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
be0aa461b9d5d8fc37fac2f7cef57c4a

SHA1
247729871c06d07727d0ce1cbdd0b4e2279c9f57

SHA256
a6c66483388fced01ca0ee320e0b5c1e2de0eb97675dda46947d72ecb4ffa269

SHA512
6712d0c68633e1365257ab3f52b5b7fcaf59703a8c4a90475ddc17c88986f6e1d623ed8721e027452f147e3caadf15fc32e6ead6348a998715d40e9d142a9dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ec434dfb07227c24dd9997fd96f4b94c

SHA1
6584a8a4e314b1cbbc11f67c0ebc58bb0920e0bb

SHA256
354a04704db23c9a20d4da072aba1464a71fac8d39379ec498a9b9a56a30b8f6

SHA512
4605f785bd080b7afc235893db5cf58af4012e197fc1cab07dccfd490553a0b7e60b95f16dd03a65b6af173680a061d26c4af5991c8df8c60560ebbe26b3767a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
51cd17e458363d8a08507735edf407ee

SHA1
bcfeab0b6f4f5d0f2bb9605384e2defb4944169d

SHA256
268553d23d42c32f81b771a83f9194d73d36bedf1a417544a72af494ad6bd1db

SHA512
ef79efb69913bbf142b234e9d00e65960e9ea1acfcc71699960578d5318af2d33d5604144408c87b403548e19332daccacaaa0b197584bcfdc751da7bc655e85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
01679b1f1d445b7b86497d0edd77da76

SHA1
9126836b031a4f0ddc350e8adedb38ee82b4cddf

SHA256
8b70e92b0c81dc7fc09fa2c236e9f51a6080302a9c566b4c1797d2f149a3bc48

SHA512
b85507c2dc1af80cb603d40ea97eb3b37e7d5c62e771eec687a0be7909c6220372dfe04fdb69f49566683877590164ed7e2f038be1a767a6f25b071574046de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
302bbe228891b4cdba92c33770162490

SHA1
9473b6e00eb6abfc565ebb19479beacaeb2d2ef3

SHA256
3ab5ef9cb857e4ae4aea9f54480a38485ca0729883b53a52776067ccd9fea599

SHA512
fd83ce6071f0fb39bd779061a8e80bfccf84701f886472ec0382cebb7c8ca0ccb32d6e15d92baf514c4282db6f3dfddf82adbbf75c83633fdb6d29c897d8732e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
0c9fcd7fd7b8e905476e57cb4eda6046

SHA1
7aaa03940aeaa41ca7250dbee7e335aaea043138

SHA256
829da29a50d6a09f1d67e8c90891ce009ae419f584dc1797f3b9fbd9cdd4e281

SHA512
6e33881eaab9a388ef935ff69e6fec0b1f97ffb86429e4a038ae8e39cb3abffe7b6911aef1f8102afa1013dc94e92904714bc1221b105a7fa0b24e50f3533afe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
756bec8e0fc3643e6cf75d89ce3f9162

SHA1
3b740d16ae3bb736099270d130a1f22824927dc0

SHA256
2f8c5d053b76f43a8cd879ef760dace6a05b8d7edcadde9abf543d7b4e2e2905

SHA512
07f9330082d573565d18074c79a4cf70e141b92b8f68c4fbab229651d0e550df843f714c2b2fccd58632b27812aa614d69db4b966e3e85570428bd60862a6d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe59aee4.TMP

Filesize
140B

MD5
e93878832a3ef9371ae6179e3a403a5b

SHA1
c95de74ef8bfabb69b097a00b7d805280ac2f234

SHA256
e68a58513dd761e49bbb0f357cad1faa40ad702ab54b61d703cb7787737e70b5

SHA512
6d1d50017833894ddd6b9d5aef360d0efd5fb71896325b60dbfaead1916b479c10f2b8ea0fc8aa218b0e7662bd6293ab7d3d8845283bdc2deaf3cd698bb2f20b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
77075e2e68dc5d4717de8eeac3412a5a

SHA1
16a06d4f34cba3f222bd3bc61dd6f369b9105433

SHA256
8f0c08537f2b82d0caab241d5f3f2cf266af282f6ae784bb6bd4a07dd7486170

SHA512
20de1b02844c7bb3ca37768bb09b3507dd159464887b2649d9ee45c42ea87fca02841a57cb713decb9a2dab1ff828a5012593728358f8f940f68b83caa624684

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
90d23e615d97a633ca39568bac5ac517

SHA1
0880c78468f17ab15e69887ccb64b9e4ea3d9931

SHA256
dc878e38a10a841baa358c4e4ac20b3002a776bdd4d261b39c771496853fcb28

SHA512
9c52505a8f1fa87a103a659a1c8751889113fc02de4933981b054ebee3fdf10730de1c39c5852c55e36d7a274d2ad924daaca25344f15618340ab80206feb6d5

Download Submit
C:\Users\Admin\AppData\Local\Temp\af19f845-01ac-4479-a0bc-d0f1c1161e23.tmp

Filesize
150KB

MD5
14937b985303ecce4196154a24fc369a

SHA1
ecfe89e11a8d08ce0c8745ff5735d5edad683730

SHA256
71006a5311819fef45c659428944897184880bcdb571bf68c52b3d6ee97682ff

SHA512
1d03c75e4d2cd57eee7b0e93e2de293b41f280c415fb2446ac234fc5afd11fe2f2fcc8ab9843db0847c2ce6bd7df7213fcf249ea71896fbf6c0696e3f5aee46c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1400_732859110\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\TempSpoofer.exe

Filesize
393KB

MD5
3c4161be295e9e9d019ce68dae82d60a

SHA1
36447fc6418e209dff1bb8a5e576f4d46e3b3296

SHA256
0f6481dabf7871823f259eb95f3b85c37d1de8a7d1884ac77a97d887cf96f75d

SHA512
cfa2d491a5d28beb8eb908d5af61254ac4c4c88e74c53d5d00ae15ef0731df1654304199996545d1074814c0ea8a032957b28d70774f05347616428e667f70e6

Download Submit
memory/2240-3-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/2240-4-0x0000000000680000-0x00000000006E8000-memory.dmp

Filesize
416KB

Download
memory/2240-1-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download
memory/3276-0-0x000000000069A000-0x000000000069B000-memory.dmp

Filesize
4KB

Download