lumma | hxxps://github[.]com/cliqued/FL-Studio

Analysis

max time kernel
213s
max time network
215s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
26/01/2025, 14:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/cliqued/FL-Studio

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://servicedny.site/api

https://authorisev.site/api

https://faulteyotk.site/api

https://dilemmadu.site/api

https://contemteny.site/api

https://goalyfeastz.site/api

https://opposezmny.site/api

https://seallysl.site/api

https://mafnufacut.cyou/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 1 IoCs

pid	Process
2768	Loader.exe

Loads dropped DLL 1 IoCs

pid	Process
2768	Loader.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
15	raw.githubusercontent.com
23	raw.githubusercontent.com
24	raw.githubusercontent.com

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 2768 set thread context of 1564	2768	Loader.exe	99

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	aspnet_regiis.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133823765590728784"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4249425805-3408538557-1766626484-1000_Classes\Local Settings	chrome.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Loader.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4572	chrome.exe
4572	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe
Token: SeShutdownPrivilege	4572	chrome.exe
Token: SeCreatePagefilePrivilege	4572	chrome.exe

Suspicious use of FindShellTrayWindow 44 IoCs

pid	Process
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
2508	7zG.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe

Suspicious use of SendNotifyMessage 18 IoCs

pid	Process
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe
4572	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4572 wrote to memory of 3880	4572	chrome.exe	78
PID 4572 wrote to memory of 3880	4572	chrome.exe	78
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 4412	4572	chrome.exe	79
PID 4572 wrote to memory of 1644	4572	chrome.exe	80
PID 4572 wrote to memory of 1644	4572	chrome.exe	80
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81
PID 4572 wrote to memory of 2964	4572	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/cliqued/FL-Studio
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8801acc40,0x7ff8801acc4c,0x7ff8801acc58
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1800 /prefetch:2
  2⤵
  PID:4412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2032,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2164,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2180 /prefetch:8
  2⤵
  PID:2964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:1704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3096,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3108 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4552,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4240 /prefetch:8
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4704,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4320 /prefetch:1
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4920,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  - NTFS ADS
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=736,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4928 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4956,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2216 /prefetch:1
  2⤵
  PID:3004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5352,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:4424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5572,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4292,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4800,i,11694522767302026284,2841611761473925923,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4240 /prefetch:8
  2⤵
  PID:4916

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4432

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1104

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Loader\" -spe -an -ai#7zMap26634:74:7zEvent28102
1⤵
- Suspicious use of FindShellTrayWindow
PID:2508

C:\Users\Admin\Downloads\Loader\Loader.exe
"C:\Users\Admin\Downloads\Loader\Loader.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2768
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_regiis.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

Filesize
64KB

MD5
b5ad5caaaee00cb8cf445427975ae66c

SHA1
dcde6527290a326e048f9c3a85280d3fa71e1e22

SHA256
b6409b9d55ce242ff022f7a2d86ae8eff873daabf3a0506031712b8baa6197b8

SHA512
92f7fbbcbbea769b1af6dd7e75577be3eb8bb4a4a6f8a9288d6da4014e1ea309ee649a7b089be09ba27866e175ab6f6a912413256d7e13eaf60f6f30e492ce7f

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

Filesize
1008B

MD5
d222b77a61527f2c177b0869e7babc24

SHA1
3f23acb984307a4aeba41ebbb70439c97ad1f268

SHA256
80dc3ffa698e4ff2e916f97983b5eae79470203e91cb684c5ccd4ff1a465d747

SHA512
d17d836ea77aeaff4cd01f9c7523345167a4a6bc62528aac74acde12679f48079d75d159e9cea2e614da50e83c2dcd92c374c899ea6c4fe8e5513d9bf06c01ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
dcf0975679602f3f1bed49b89a76b307

SHA1
c12217483f072dc40ac88d4e22da0dd87dcd0f92

SHA256
d433d364fa3faafe20c85f0a6ed8f1380a019137e5723e1379a25cafa5786705

SHA512
32da5524549916a8f4d0f027478f8aa73daade82f4712ed89d001d5028dfe6e5b62c6641c935e66709c27a3e844b65bea5e3c89d5bcc35869aae2e67fb8decc5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
215KB

MD5
7b49e7ed72d5c3ab75ea4aa12182314a

SHA1
1338fc8f099438e5465615ace45c245450f98c84

SHA256
747c584047f6a46912d5c5354b6186e04ea24cf61246a89c57077faf96679db6

SHA512
6edf4594e2b850f3ede5a68738e6482dd6e9a5312bffa61b053312aa383df787641f6747ac91fa71bb80c51ed52a0c23cc911f063cd6e322d9a1210aea64e985

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9fc023a4a1b53c4a57de5cf979613437

SHA1
43c8816a0baaccc818b50f7bead8f59bd306e833

SHA256
ba501bc6c808f41ef5126cd054ed9a4285eb3872e8b5fe360c2f1148576c3119

SHA512
197c108184b7cc02bf16d0863e04b6c0b0094f4a7371cef310ee0abb8cf8d4122c63da5e66e14edc97cc1c906ed486a24e52676ed6dc4831f40c0798f875c1ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
703a4043e862972904f07b7f8a107033

SHA1
2f15704b822b38574e870c5af6a7f359b94ea71e

SHA256
e190b6857d399854baf6eb118e967fb7e0f39478b2fba8e02f3ec55386c37c35

SHA512
6f8ad5feb7d91f8be628e2be3dffec0c7a419a1b444867ded8070bb6ee98ced1c3cc9e5894b0dc0c2b867d7f80e82c7d0b6a06dc2f0c6879ed286406256a9a4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0fdda7deaf3cf4bd45b01f641ded3ef5

SHA1
8e9fbbe18463ff9a63b934f5ceb569509fc61e36

SHA256
c74fce88afadd635a6936081d1fe954cd466f58f00e1bb3e74d0330b066ff5e8

SHA512
b4243dfac53089623dac3f942650d2cf43ff45f01ccb7713637f06c365f4a36ea19a4eae021d2eb00d5db9537ca829fb9474a74143bcbfe5ac9bd580c9a68107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\1a45504b-847c-4f66-a034-46144cce7242.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
816b1d08185900e779c3890d59aa996e

SHA1
37babc09cab8b95de5a1dbfdf3001f767fb61ff3

SHA256
7a5ecd99c881989c67efe6a96bb63c507e71f451ecb200a18580c1aec62e494c

SHA512
092128bc9025e9efcc717851a412fc5237a31dbf7e0c90c98ee095bb193035d611645d5fe0553ab19bcca255b86cd4920b02fb64d43e05fc84068ce5b89627a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
60b57625bb85fe6351acb565353a3086

SHA1
8842139fd75f469f6a5600ae7dd373b244445a33

SHA256
dd6e9d93375438e57ddbfd760ea3c087f107378628e4bf45a9b394350f92ad6d

SHA512
60d0ed6dd5815dea04673af8c75bddb8c8aeb328cb5b9ee8cb723f8fae421b36b25d492c3ffe913b09508f202e29d67aa9ced603edd0d1aa911d29b4407b116d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7936bfc2de5557b106d6dfc4abd8570f

SHA1
992344ac2f582cd1c85cbf2e28368426b0b8e646

SHA256
878fa9818d3a059fb4f7a9efd609713346e93af00870f0b4fbefa587e1906dd4

SHA512
521eab383ab07c63beda3aa6c78d148ab8c98a417a98dd85a6447837cb00b52336f4eb709de484aa056cee5a78d14b71c05eb31350f4fdec2710651522bf179b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
47e870a1fce75f0af4733ecd9d098f93

SHA1
f5f46623a0a48f01b3818d9bf6200b8cff73e7e5

SHA256
c904d3ba4c56057667ba5b55cbd3d60e658c1c68c663c6c89498fb253fb63bbf

SHA512
a740724cd793228bf4e6e200806880ceabb0e9e1921914475b99cf2f1286b76800f52bf9012548fb28d6927fd42308643f46af5b32960afd0b0ff100e0970df8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d307169b5690ebefad9126aae19623fc

SHA1
d99dbbc4ca6769b33186355150b5ff013bd6bae0

SHA256
6fd5a68cbd926e87cabce2fe54ebd3bac44be5073c46247c364194c01d213311

SHA512
f54fdcb57c7b54afc90fc854010712851a8b337a3d0c2782bd36a6f8c4f5dee5864d94d463de8930fedc967670025820f6f98db6fa3261e5ef37e10743bfcb68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8849e05cc4b570e3e77baf369cda8faa

SHA1
79510cf10f59e72454790cac2ed88c6f78a1dd59

SHA256
0961d82914477d2d703d5945a6a5e27f5c8551dd48fcb0a6e8da8dcdbb8b0fe5

SHA512
4c86503214c6a39c1a6bd2d22bf661382c265c0dadb3875621b101741455058761994905f0b50288445dfeabd31a7daf7eee63e7276cde5678497f35031e478e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2c3198e40f57e4edc4ca2206b3cee0b7

SHA1
15ec17b21a3ae9e18b4b0a64d07c8e91142da889

SHA256
d119ca83ecb7f4671befb20e70cc7ef7178da7526185158fa54309ede0fa6858

SHA512
eaa2aab2742384effdb917c92e5e7d84198192332b4f5aacf6ddb08c9e93bb03481005e4fe0a9e9a65334547cb07110287638d25672b0a7ce595722aa18ecbc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
fbdcc61077e9a13c8d336215fdedbe0f

SHA1
3ebed962b3ac807757226a215b6a83a153e05bb2

SHA256
a6bc0175638c5efed665855bc9f99d83b56d9c48a45f52593d4e8611d8d9c91a

SHA512
5b1e551bedf69d5c301a2e5236f58fbe8e52bebc7ab6075e4d1269dc50724eb524aecf9a4a426fe55bd2bcc673103eacad8b0f519f1090b4dde99e07d250bca1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a8fbd8e6b826a5bce5fb9a1a13bdbc2d

SHA1
b8bbd1d62dc9019608fbb6cb208c18c6353b66c0

SHA256
737fbc062ea0a55637c84945d6298b98c6e8f4344a97e529c85a88833f57455c

SHA512
ead859307f214866c4ffe85f76be209f800904571b16d8db32e4cfa342873e4cc5cecd7813acf8c2958fa3d8227ec761daad893080eab60ece3d72da7302f45c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
139f30e6581f7edd6aeda3b3c20e1551

SHA1
4d3f954b16d2e13e408902baad5e6453060c7f67

SHA256
5e4893603483c7c887d1cb7e1fb0fe8d8de810994f212110705f389600fd7e6f

SHA512
36add3303a59b7c4d690f18fe5a9fc66d244f5ddf82c062f027b1d21422be5534b598fe21b821b0618055605a89fb9fb409dd8195e71fd0edf7f9713fedf6c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bf142b1c18afb206d027deaa1bc3cf02

SHA1
47746d5fbe44b5b30e1b0daf8f25153651f7a100

SHA256
64acb5dbc5def66be9c0073cf452a890e3ede6f3d6aa23fe6b41f47f54385898

SHA512
6e47fee6355faf7678272df4a0e32c88944388902cd9c2edd048e5495c6be9d871833c23d986758f8ae496b4f11fce245d424d01a081f85faeb1934583d09326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d601ecdb64af46b6e37e47aeb66d0d90

SHA1
c35fa6318fc2de5832d6171259a38c0a6c87ba6f

SHA256
2cd081d305c89a22aac5f038f3d05c3faf18805d2916622e580b9e1c24f96adf

SHA512
3f95e278f642418d6bf2bba20ed973ffbafaa47110c8624ad1611b9bdee694869488affd8b3d71370d7c1b9fbbc8c9456671a6df9ef1ac2366411d86645bdc83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
91ada3ecb213fb6e573ccbe15b504841

SHA1
e5dd997c6a751a23dc802b11200e1e98d0b2266e

SHA256
efa07030eeec374032a0389df0b015f99b5eb52d5203a0559b366bd53b9b701a

SHA512
60f97345eb91e2b902c32f824d5b1bc8180db6f84a336c4bba4fa666690cd5c72a1048945843c9f57b99bef3c771ac93c56e443ccc5bc2438df4d6a064060b84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
17e95ce6277720f7d3652227fecd544c

SHA1
6a5e3bee34a551ae45deb3bb285cbc57200d9aa7

SHA256
cd3d081b6a8c1fa2c36d7ecf8ce65d4976bc43f2898badaa31a70a9775778629

SHA512
d41186b8de2dd1c24abec3635186a0fb712dcd8ae8e42c68908f154dcd2446ca274865f68576583ad290255c5719f9162e6cc4b87cf27a2f4d1536bc6974de0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cb8a51e20d9c61059a5478d03a54b510

SHA1
c0a7b841b7298c73f959f1404320520effb1f937

SHA256
1f6ebca01c437df845f45a81beedc81be4cc342be8bb123c3bf4f132ca8470e5

SHA512
25ff14849ba3032142a956b420149af7f376f292329e96dd89b4d611a42e4d187592553c54eecf3427ca3cab1b4bf35d8485b7ff5a33b860e4945e448bea8944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3ca650008c81aff521e5abcc5c8e1663

SHA1
a3bf625415f9a3220b8706ee01649c1383005b6f

SHA256
98f9f3d93630f80e45877a59222188c4edfb042268c17b14ae6ed63ba0f4aefd

SHA512
166fccedc36d13967a98ba72a8abeb65ef6ca4517ed4e85ebcc1a2c2bc5b6a16feea3d8fa9c5337dd5581455a524342954a872dac867674268a1ab2b0f4a5d46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e7a076a9b611ba7559699a45774a53ea

SHA1
26ff8ef244063706cfa49b81f3bc837ba4a118b2

SHA256
632dded3a3b7caa2986feeb4ce326f2fe2beeb77bb625544c79622650e275608

SHA512
0a3a24a34022d2ff35bbf3f0b31e37bc521d6945ce13a4283667e2d905c64d04fb135a4b20637b194de0ee4702aeec608babca4a527f8acc7af1b95c93b9f69d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e783f4a7d391ff07cf0a3fec7f028dbf

SHA1
79e8e7fb80a4dc830d241d5530ce66f9e6befd9d

SHA256
f6db18dcbf94baca14b18059d5ba8803c17f08c170b159275771da37bee317a7

SHA512
3d7b70db5e5485731d5d59c2f58f3d56984483ddd4415a097309893d149c89dfacc5855fc338ec28bac5ac32dcbf60e5872d221048a5ef54795abbf6fba55a41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
33e9b303b5de7f3d920475f38b60c88b

SHA1
a143be88e01046f77954700ae7bcc6eeaf5afef8

SHA256
2225486809c19352a3d5997156a0818359de83f187af0408234ac4d56162ed6c

SHA512
aea3a69c2a639b21db93af7cac4b23b9d40a948ddb85ae2fdf4c2ddafdf91428d3c3c0b8e39750074cc200b5c5984af6f933f9dd260ca44455ae70c075bea174

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ad310e997dbe48002b99023cb5eb72cf

SHA1
89d885d197b46c3be553e48d566cd2b3ba28873d

SHA256
5ad775a2c605c6b4512fd8e825ef8dd3812c395b856ee723c2524f24bb0d42e8

SHA512
acf03871c8708c3b369219b442e1d4297fa2858ad1eb06072af4f2a22b7dd6f12e9566be385ccbcd6fe6c82b621b4abe69d615dcbd2f305b866cd28608b9a9b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0d26401228d3ee2c44fca3d8dbaa18ca

SHA1
4e72731a8355b28384ea6d8582800881c67f8c1c

SHA256
f2dc409f3f20adcfff0bd8af0527e281a14623a71516d5c270e14f520d1d57ad

SHA512
c09e097410cf62a243cf626a6898acdee9cd74d16e3404d70f1c940c34411b4ff5143da1e018e7227bd2d7c0735fe7166d5039fdfc041d2ad84ad21a7d05a339

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
da05394121b381c9098a518fb36879c1

SHA1
6fd551a73763a0bf61ef1f4592f9184137d7a844

SHA256
a30d71bbd310baa8f94b7efe6ee8b9c292d87423f12b4326e32c1b2e34303b2b

SHA512
58e55a16976c0242aca7c7ab1e40a28cd099ceba722a8617c1396b90231ea3ce517094d1ce61e7e4a250c500ef27f897c152064965ec79b9dbee214d4a0b9ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
d251c3e7ae4da8acc8c9dc1c82a43678

SHA1
4d057b2611800d13f8b4d79081fefe3c5645abb0

SHA256
606296f63c3426557dfef1fb204772491935489a574a5f17565580af3cfa01aa

SHA512
57a1a9c72ff254a736e253b3b7343eedec8cca8d5c7de0e5375041715fc086baeddca7005e150189804a4dec55b336e86d1426a1e6ad38dd8254eb30a2a17805

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
689d7fc137cc4ae2fb769a99135d7ed0

SHA1
c9896776b7d08831886e916ba00edc8bbb132bc4

SHA256
4bed09f6d71be7979a05c4f1b943f493e0cf11790f390d2ea5d489d8ddf6237d

SHA512
9539195481d02ee7081887026206ded8df3fa4066584648ad4e6adce81822761cfa03a083ea7830b560e96464cbadccbf08895ea481b9c8f44379f2590d0fd46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
228KB

MD5
50cc66c572496fa07c3d39eec4f73426

SHA1
bd275fede4bb609364c8ae00dd244e24e6ede8ee

SHA256
8ed5b44871f5e3ba2e5e675a6237b5f3fe21e9cd3967d3fb8d56c2dddd322246

SHA512
82c4e078a30be5ffe079076b180a8bebcd4bf3e6d5f9d98ee990e146fcac34784972fdc6be087ca3858f816882435ccf5c498b61296b31e91ddfe8e80825ef9b

Download Submit
C:\Users\Admin\AppData\Roaming\gdi32.dll

Filesize
435KB

MD5
330f34f58ccf18d73fd3762d200a21f9

SHA1
3c5b99bcbd2d8e1a02040a8b25aebdbd274f422c

SHA256
9110eaaf2945deb7a1af94855f90ff10a342ae5ef8d70758d5924fa2371d92fd

SHA512
6df28801cdf4a6f59481e3ac93d50637308be7206958b2cb395cc74fa851bcd2e25fe5f9e926db2b537f0eef9cc32eb2a96c3e821a0c51ee57e1b8ee4aaa90cb

Download Submit
C:\Users\Admin\Downloads\Loader.zip

Filesize
322KB

MD5
b25d3cbe529738a58c8a964fd44158ef

SHA1
fa08080c3704267711e8148409ef39f6fed90e15

SHA256
618673dcbe0ad868ef559e09f2ffebef1a6d9b68b6b202f6b7d9f14217f8ea1d

SHA512
fc9d2c00846423d4d14d1cc282dcc90c9f466d9f7ba69d2c0f815ec3bb35b85f45aecc4e4d4cec3090e53cbc535945831a46f232a3c83685d354fe9945ce08d4

Download Submit
C:\Users\Admin\Downloads\Loader.zip:Zone.Identifier

Filesize
114B

MD5
6ee991b061b554c7f3d124cc74b9f97d

SHA1
15340c8d9aa8ad5ee7cdd474f106a1dd06f18bcf

SHA256
2041928dd2791121547cad62772bc2235a45f7c0aa56ad931c3d0016da53c443

SHA512
73911a3d3850417a0a237c9c5cfb8da0254c69795cb603c0dc8796d185ce1c2468adb18f8e879c178790849066ad0a45e67df201a032a017fd14acf6de8bb5cf

Download Submit
C:\Users\Admin\Downloads\Loader\Loader.exe

Filesize
297KB

MD5
cf19765d8a9a2c2fd11a7a8c4ba3deda

SHA1
63b5142b07b7773d4201932e7834ac11eafa1ab3

SHA256
60b98a0907f9721cf28ccd684b565f7f77a90565e9a2bd47f75c419472c25a1c

SHA512
b97fc305bd0d22e26abf99e302b166cd5d2bb959eddecad0f45dc978761178f5f6d47788c4ad5098313e587198abc66a3477ed42203345c20dc07db4783bb762

Download Submit
memory/1564-419-0x0000000002F80000-0x0000000002FE1000-memory.dmp

Filesize
388KB

Download
memory/1564-417-0x0000000002F80000-0x0000000002FE1000-memory.dmp

Filesize
388KB

Download
memory/1564-414-0x0000000002F80000-0x0000000002FE1000-memory.dmp

Filesize
388KB

Download
memory/2768-407-0x0000000002E50000-0x0000000002E56000-memory.dmp

Filesize
24KB

Download
memory/2768-406-0x0000000000A50000-0x0000000000AA0000-memory.dmp

Filesize
320KB

Download