lumma | 6e2abb83c7dac9f203ba6cdb4be11fe3ba64c783d197bc54221eb220f48dcd07

Analysis

max time kernel
599s
max time network
598s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
27/01/2025, 21:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

b--o--t--s--t--r--a--p-x64.zip
Size

12.0MB
MD5

3c3185803d3bc3ac05daa690ac28fd5e
SHA1

5f2a217f2b3d1eaa872c37b3094c60c33bba0930
SHA256

6e2abb83c7dac9f203ba6cdb4be11fe3ba64c783d197bc54221eb220f48dcd07
SHA512

75afdced01f933823ed37e2f3b6d2296421e255c170372d96799e81ef702ab9539d924f5851e3553cc13b6afa0ae0c9d7686513dd3287cd6eae88aa88b7166ff
SSDEEP

196608:Ypk+8bgSAY3rVUsUCi7mh4JlLFr2XrJP45CaTO7x8kaN9Sb+g896tJONKUfg9r0:lgSAY3rVUdC54JlLIX1sT2x8kPiV96tw

Score

10^/10

lumma discovery stealer

Malware Config

Extracted

Family

lumma

https://toppyneedus.biz/api

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe

Suspicious use of SetThreadContext 7 IoCs

description	pid	Process	procid_target
PID 2380 set thread context of 3180	2380	Bootstrapper-v2.exe	121
PID 892 set thread context of 1520	892	Bootstrapper-v2.exe	123
PID 4112 set thread context of 4928	4112	Bootstrapper-v2.exe	125
PID 4612 set thread context of 2940	4612	Bootstrapper-v2.exe	128
PID 3476 set thread context of 3988	3476	Bootstrapper-v2.exe	130
PID 4984 set thread context of 2856	4984	Bootstrapper-v2.exe	132
PID 4772 set thread context of 5096	4772	Bootstrapper-v2.exe	150

Drops file in Windows directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4032	2980	WerFault.exe	140

System Location Discovery: System Language Discovery 1 TTPs 16 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Bootstrapper-v2.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133824884240201068"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1581648047-808845429-2272123689-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4184	NOTEPAD.EXE

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4428	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe
3164	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe
Token: SeShutdownPrivilege	1236	chrome.exe
Token: SeCreatePagefilePrivilege	1236	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
2980	wmplayer.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe
1236	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4428	POWERPNT.EXE
4428	POWERPNT.EXE
4428	POWERPNT.EXE
4428	POWERPNT.EXE
4428	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1236 wrote to memory of 3544	1236	chrome.exe	99
PID 1236 wrote to memory of 3544	1236	chrome.exe	99
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1688	1236	chrome.exe	100
PID 1236 wrote to memory of 1444	1236	chrome.exe	101
PID 1236 wrote to memory of 1444	1236	chrome.exe	101
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102
PID 1236 wrote to memory of 3596	1236	chrome.exe	102

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\b--o--t--s--t--r--a--p-x64.zip
1⤵
PID:2072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffae7c1cc40,0x7ffae7c1cc4c,0x7ffae7c1cc58
  2⤵
  PID:3544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2080,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=2444 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3152,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4584,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4852,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:1792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4860 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4760,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3256,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3188 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3540,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3164 /prefetch:1
  2⤵
  PID:1352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4716,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=3172 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3316,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4632,i,10302763207377719441,10668005127755865380,262144 --variations-seed-version=20250112-180253.846000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:2056

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1704

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3024

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1248

C:\Users\Admin\Desktop\Bootstrapper-v2.exe
"C:\Users\Admin\Desktop\Bootstrapper-v2.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2380
- C:\Users\Admin\Desktop\Bootstrapper-v2.exe
  "C:\Users\Admin\Desktop\Bootstrapper-v2.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3180

C:\Users\Admin\Desktop\Bootstrapper-v2.exe
"C:\Users\Admin\Desktop\Bootstrapper-v2.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:892
- C:\Users\Admin\Desktop\Bootstrapper-v2.exe
  "C:\Users\Admin\Desktop\Bootstrapper-v2.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1520

C:\Users\Admin\Desktop\Bootstrapper-v2.exe
"C:\Users\Admin\Desktop\Bootstrapper-v2.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4112
- C:\Users\Admin\Desktop\Bootstrapper-v2.exe
  "C:\Users\Admin\Desktop\Bootstrapper-v2.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4928

C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4612
- C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe
  "C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2940

C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3476
- C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe
  "C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3988

C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4984
- C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe
  "C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2856

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" /n "C:\Users\Admin\Desktop\GetGroup.potm"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4428

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Suspicious use of FindShellTrayWindow
PID:2980
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4704
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    PID:3268
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2980 -s 1176
  2⤵
  - Program crash
  PID:4032

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:4468

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\StepConvert.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4184

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 2980 -ip 2980
1⤵
PID:1392

C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe
"C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:4772
- C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe
  "C:\Users\Admin\Desktop\New folder\Bootstrapper-v2.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5096

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
3058264d36b1193713ee30835cf9a9b3

SHA1
43d93345c449900dcfd1f42c1150b2b9abe74a0c

SHA256
ffe01aa7a022420524a949813af009c1413d9e2dabe23771f63a9f48c6e1b1e5

SHA512
b24918124e58e1f6cb2e9c163bb37549963334d27cb660d6f056c2e7df5662bf0bc3f592c12b66179d1e5352a21e332b18a2d6ae1caeb96999987aafa34ca366

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
360B

MD5
eb9c9b86a2e4fe7a54ef80ea741e97e8

SHA1
3aeaec9efdb2277415f310de05c99354b708643d

SHA256
a59b9b4144595fc2a8a8f672aa008644fb7822821ff987af10fb2d158ec86ba6

SHA512
580602414fec6e8cdc18398f76de69857688b1c5b167abcc692f402a07bf9688373a083829f681301f1941a54dd4645fbab9e1b21e51df9ac0c4f00a2405fa3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5065c7b925aef890798a4c162d3bab76

SHA1
eda3c5f495574cce7f48744d592d847ce8013e7f

SHA256
7b8c6469ec4c69ae29d2f26a007ff838a2e53e998c2621d9cc419fbda8652d17

SHA512
2c29b2c453d267b55020d4b22bcb1d2a728b3aaa9f743e12ad3fdd16d751ac63622b4dd20aadbeb12f1ec6c48f37ea40dc0a7be828b7c00c17b33812c1ddd308

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
10045a0bb016d8283254695e652057b5

SHA1
b2c70ebacbcd1859309509eaca8dae3d2f2f3f63

SHA256
8ae14a275ef361c604bee70b7098efaaa01576ec754ce9da6a72b7263e19567d

SHA512
552925a7437999c19a178452acda44166d5745451414dc9f555b2cd6bdda128445961e15e6fc04aad63073c201328b91fbc6deb533c9edd49d3e666d64a46529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c26e1674134e2474d155dc213de44b3e

SHA1
4509139d586b37a0a28aa575239a908256a09838

SHA256
8e51c0ecf4d128b05d8cde736a5e2c6afe3eb13a70df498faa13ffb4c16bba90

SHA512
bbb678129968be1c89e6d565e1a0c56ed0bda9beb4323bc30266e5e412d1e668fef81128425dca53b4a87a4caf7078c9818fc78a055943b7e792e0183a753c17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
888a8b5e1156503ba6f568f5de365282

SHA1
b78ede2065941488269262ffe8c9ef3b412af079

SHA256
ae09c7f50d6781005c615fa5af220f75c58eca3bea44e3a7969a9b3503cc89e6

SHA512
d34e4252bcd59840231e55531697b7bc4aa0081a02e95e16ee0d182edaf486018bebf453b25db1217d2cc8a094692dd433ac2d3d0a43c2c38cebd8f5b68a7af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1019B

MD5
bee0cca8a07b7ac2c773ac154ef32db7

SHA1
ac48a3314208591f0d9765ca215b969d73f0b53d

SHA256
35b1514924e8734dd84810ace827057ff86bf025c75deb00d8c0518d57f21b6d

SHA512
453a6afbb11576161c19f25b449e4ce6662be32e1722d3218fa365b69567f7421b2d81ab854663d76c1be3f5eaf7784fcd6282a16e6e633963862936afbb8e6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
668f862d4ac9c858a881a3c13157f01f

SHA1
89bafdf26ca1035050905fe69042a8518b990a46

SHA256
96048bee4283943719f40e0db93f4487068f0ffc4f1a1820ca3f499e326a5330

SHA512
ea7e546e65240ec7eeb99051afb3224250195c24989665c48645069650c46762875729be4ff70b20bd9f8d185ce297d58b1a7bc72c20e1f495c3e76f4172ed7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e20f10a8b1e09b8f0566b45d71666c28

SHA1
466c17c7494db563da2ea10ae15f45e585a075e4

SHA256
51d8caf4e1f04750facd7f9c0de13d6fe13991e874a1acb0a0c48fb34feda2fd

SHA512
bac095d95c1b9f8cc8bb40792d0e345ef31aae009b75e03a73b706d5e7e76d2110e24149906350fa3362c5232f18878884e8142d90c2fb74a98c841f7e23acf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0bbc75a750923184308c1958f5de8200

SHA1
64e88c95d1d1a4c8923d8ef8db9460a6a03b5d3d

SHA256
149cf869700b6023cd62044799679a4941d97c4a125b36b9d3f865107f59a48d

SHA512
18f4e4f27a3aca5e69cd71b0e47c0ad985ed890fd5ab7e89565b4f8699fe1bf0c3327bab6bdb87bc9ebb58d93b28179b40197471069e4ac59edd92924a88f7fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
776862d453ec9c11919b6ef234f68333

SHA1
fd40f179b4894bd4b13123d084a884fa11149425

SHA256
da85f9c78176c8aac496a5fc1c195cdd7e1605f5cd2f7fa53eddbeba31225448

SHA512
b1a2d9dd7d9ac5740750128fa6c01ec922a9a452f9a0e3be7eb3fdd83e2fedb788dcb9e7f569b66c594fcaa221e69ea6b12c56abcb410903fe7c8f1adda73add

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5bf162fa36df5e4089115be9fddece56

SHA1
fd58cee91062ca51182b0fb7dfaa672ad7b3f494

SHA256
0ed4b3793a2ef4c804f4db0e546815367a34dd6a12fe1d0074efaa2f16e24f91

SHA512
37db6bdf4f2cf5ae70ee25f527d586ac75dcbe065860ac1493e4087e856b5424e20094724766ff49abe9b67d1b458a7e223bfb58b7b8f3c264efd9781ef0e8e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4691f27dd942d05d66a165bd2ba426ce

SHA1
3f1cf7cddfa6c63eae58fa018ba92b901e96126f

SHA256
068d2880d0f0d6d936c19b0ec66aa706cdb4a13cd5cc1fc852d6c80666c44b65

SHA512
6995bc2372e59df9a8285981a5e56aee763aabbcc23bdc50a399cb1fa8efa022e4eb07473979a7fe4f99ac2155c98ecb8393b09417d82fcb13b139415dd72fa4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c86593701e1cd7a518a7823c3c4d9624

SHA1
bb0a44257ad2203284f3db8c71fe73e2dc844c4a

SHA256
a1437bdca23f8ad981b193328a29fc391306a0b4e3831e3e245c70de9e28e5a8

SHA512
8d1a1fef7510ac4f368cfae58e04232f6a112341a00c42d74a49463bb3a3b7c592a94d3120a44860ccc19c568ab3a8d4c08fb50e30f00089bb6fb28e0dec9186

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f9c4d3fa122f575969f476c18728a982

SHA1
d0196d630bdfc749d87351e7b22d977e13b464c7

SHA256
acf9239a10609522f3374741013d3ea6ae016b655844f57c78c304ba09dc54cc

SHA512
d0f1e635ab12646b1ec81ee820034f758a58e73697b46f13a934a6fc105b70319fd0e643c55b0e91423288737eea52caeaf10903d05f2c13fcfe151957aaa55e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ebdd4c6fdf539221a5568558a809f302

SHA1
784f2b8d98058d94e564f72e74205f6c3226f350

SHA256
a6bc0a72af9762d433052f076fa8e8db627604f416b31013436e97ee7b6968b4

SHA512
6b92281d6ba35e0eae57c8a1193a2a8d5b8158d94dafcc9d1bf0b4d9a785e9a9aac39dda7c70d0c58d01a568e0d2339d18ba291a2e547016f30e06aa1ead83ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f3423fe3ad9d2f8b8ae6f15bab3eb23f

SHA1
d834aecc766da65a7f174ad393b37ed1d98e270e

SHA256
4a4b3f2a586cfc107e47d920430e35cadae867f1e2474c593ec728cc033f4ae3

SHA512
cca23b0d6151161eb9a82faf5ac547d785d6fb9f13b98412f18f14d5d6a875b8c12f13dcb74d3cfd7f465905ecf3e1b2e7bb71030726c5c59115ac961057edd6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1edb3a622a855f25a1ebe8f8a0888be7

SHA1
79131b0ea2b1aab689080460b16034152e4c07a4

SHA256
3273e253a34acb8631e27fddef9fd496108e45e4bdff20fa59086de970fbf9f4

SHA512
a3b819d06d73778461598e87a1772e1526c46843cf76da550b6b994baf317d9c21354283b21fe363a1b1ea325c519f489a76ef340566b4c8a1e7819f41a81b97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ca2fb2c2ec4136ff0587eb52d28c86bd

SHA1
4ea061cd213e04afe17e37efb4c64b08adc52a0d

SHA256
c8811153f65a0fb38fc0d1e87e6197384966f949a5a821b80519bac29bd28d47

SHA512
6a12506991d9208e467ce3067a006f57c914ab0cdd4fdb61f2d465f5e88b144aacf6d3e36ac76881e358e58c2f02207831206788ad72a4435ee5ef14ec9c400c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
25c522cbd3be6d3fa0e7f2925fa57734

SHA1
54c41a24ae71aa90e726be1ff32011343fbcb692

SHA256
5da663abeac5fcf8a75e727b5d97e4580b6cef98907970eb8b74a53723bd1f2d

SHA512
71f5a8819aca9fa34e10f4a7a38d031f4062f04d2ad9016f152f22b277ad7867f6a8b558fe86ff92e9ec23d084ae55c86715f8fe02a6960c751f22f44268aff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dcc467c1cc4dd0e0fcf465cfaf91b5dd

SHA1
07cb4e82efc7ab10b70671818020b5987965cdf9

SHA256
bb3b9a28fa2540a8376a2a3ca454d634922b16e8ad73e16e96ce602af57ce565

SHA512
23d8419e99bb5c088fe92772104f546b129601562eb5d55e28b0724d15785006e332e4df1e0ce56bb8b9fc4743cbfac333dd996aaf8b6c9e22f4bc1abdd027e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e2f49248209b81abc0cc58078197ea75

SHA1
508dbcf25a6db76469372ab2e1ac072c00e99f33

SHA256
e28a811705b153a89664e8f5bc029a155a3ff0d7f949ffee86882fc470e80256

SHA512
60d20fb1a517ebf17680cda81b40b265ddc664d7acdbf5798f330282869bb353be97ac8f9ff9e1da61e8dfa4d559b1b67a7a0b4897657ff91d008f3ad23d9a31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a65e84849a60380320b4ea0274b0f78d

SHA1
dd05a8f8bd7fa20e755bfff6dabea35dcc0e369a

SHA256
68ac8cd82d3b312292b50bb2c4bb52ab7fdd02412253eca83e1154a4c097ea59

SHA512
b98cf00d897d38b80da03d258e41ddc0ddb8b6273a76bd6f90c08387cb6a0e237e7ff95d62c2ac41b39a2994d219014f33f865881ea82103700c9e1ee81f0196

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7efb73ed8725dd9cd844251965dfbf08

SHA1
a7b5e81c6103b5625a50cd4040f78d5fcaeff936

SHA256
cc09774ee20db17beeeaa42c9557db57d74928bf8c38de8ef8d1926afe1e00d5

SHA512
5c5db3400c9794ebbfe6176b8e49d6598852a8a4115a27a37b139b7012efbd3412e7ea501fb1294c719246adacbc988cdd5244b3cfaafbbb622f92743f108aa0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
c15aa985d16ad3e223583dc6f4992f5a

SHA1
750016ec23b6f7c629b2ac7a9d075b85af62ebea

SHA256
fb17b4b2cc78da089a401079fef24e207555d05a3007512343438c43f44f66f3

SHA512
a6d2fab27b1cbe9522634b3ea25da16611e52002fd8abc639f436874b8c0694bc21ce3009438552a1fd225ecce0b422d22ef76fbeb206bf3b9fb63d30e42231a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2c152251e8751ecd6a7fc05747c827a8

SHA1
7290fefb47952a54c89844ada36d16986ee990e8

SHA256
c9d39101a0eafe3d1cad164125c2152d5cb9758f3430075e9fe71a823c35a732

SHA512
052febdee8c3ef76a04229244f1867be6ed7aaafc81e4730c346a56a751659ff9ec438c043693e4a3c8d5271d0ac9f2f4d5029f7ea6839331daf48b895e3e513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e096e1bdae7243914ddcd2cc37e6a5d7

SHA1
a26f8cf3be695c079f2c311e03526c8c3d19c0aa

SHA256
8fad198912633f9599fac01497658b8a2a5ed14229c54f37253d659751c60809

SHA512
3a7bc56e43414aca53e3bc115c3f52c45a723f6a8ddaa2809c923444ddb045b9992bf5984dafe02d1bf7dd7ef647008fd3f358150f4c4a4b089263a7b230a25e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
50657250f58219742e37bfec1d5d8ffe

SHA1
b1fd041940239af0655a1d1da1a2b96095732f23

SHA256
32f57735e9fce11d1e53da05437653b579e188176f15990332f86a0acf26142a

SHA512
48a547023e0f6b28fd0523d77362a97996b8bf6becd209a694b7690dda7356a5511e82dbbec8487569f4e98e14363629e7510d746cec5fdbe84740413eee9c75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e4af188d3e686f5e345bce58ed7e2fca

SHA1
07e635bba421b0046a3f16f677c5dc37c104512a

SHA256
91c899a3c3d5aed7332005eafc3ab5495d60954b7c47b6f8c98efb96856f1daa

SHA512
a1423027b4c45a9d44aa6dea79da685bfc6e588f05fb843b118272a303db55a865d1f834178cca26f45361b634bf48ac2c4f47f2d67c254140e8be7443dd9b77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
44ddbeed74f4f127081aaf22ca2f1de2

SHA1
76a57fc9bfc04e9014c328113feb35f72128a9b2

SHA256
544518e9ce854af648a40b1033962a7d626613cc5e3d1ef5519d0f18b326a352

SHA512
561fe39f5b23403a132ba1395be5a92594871b267781f168ae10ee7afe27dafe6ca7aa7cc49bb1e98b48779719cdb0672555e769a0c647e07b10d9942115876e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a545a49d62c9e5be6aa9d2d058f0c5ff

SHA1
95556683b03b7671b422d7d3a4c989a01d38f2ca

SHA256
02a295d02a6e357cb9d83ae98e5764ae2d5fbdbb8cba2ef6e4f1ffb3ff22a745

SHA512
31951f132036819e664cce747181100b4137e9aa9bcaed725403a1f62198edb085b968ec2ac56df472810f2c747d2294eb3bbad59c735b987c43def153f6d436

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fa81fea8dd82d622c24941c2aa069c6d

SHA1
36f16bc9b4628373e42da9c6b2ef72ebfcf2fb4c

SHA256
3dee37cba73cbd5e4208eb345bb6a91af859f99b333998d1d2daa4cc4337078f

SHA512
855b8cc1d32225cf74ef63dcb34ff47265945c196973eb3b2e29a6b00ca1852af5348a4c0ed5b5ca14840e7d936e74b2d2c3459889104e060216b5109a48f922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dee118fd6b820dbf2875ef5193178eba

SHA1
72bcbb0a47cbdd54781144b9a303b86c26140307

SHA256
fcde91ce339fbd966242919173ffd00d23246486da09f7ccbaccf5dff6af801c

SHA512
e2bf3a4b46924a991ecb5aba2fb299f6ea7429e797bdd91c72705697afd9df96342483d2363747b55283472400802954f32f24655f7bf259e3ae657532b8cd0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b1b78e6787c86fd9957708813f486138

SHA1
fb654b034e6dad80525f561e767ecf93438736de

SHA256
508f5ec81bc5f0a4466dfc510870b2c55726005ed89a69f53ec5ccaed191d90e

SHA512
91cf41a2bd1faa01e826287baec9261f3e6beb1bcbeab4797265e7b4a70ed9343e7d8ad50c50ae1be75efbd2e66626eae08011a782f50db96fcc511402bad478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bd9f0fa7312c000e32f38f067bce1eb2

SHA1
c962ad524b131c9917a9c4c46e0b78f28258a44c

SHA256
929364f198d78ab5b8789eb9f7770fa79d52a15f3f885e41d7f2b35be4dea7a6

SHA512
baaf2f3f9f5bb0f2e5a86897a212c5d2f521e198c154092b9e15d7457cb495d8a6069dace4602bbf37460b00072567be3b774f6d69703bcecbf72020b7303ee4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6fe856db1ea3af48dad4d2382ba0975a

SHA1
96100c6bdce6876d48df6eaa3f3f550fd6f3952f

SHA256
75608437a749b112c63711acfd89cea4be5082c68864f01dc67c77029a2729d2

SHA512
97d004e0a9b2e326fbb5d5bf8ea5a5409906f8fbf42280f1659f901df8d83132df3fe0d12dcba7a3e06f301dd687cbb232bfdec4cdf29aea0fc621d0a06fb0c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a26cb23b211a4a5a15c74300187074d9

SHA1
42f9d6ebcc70fe6f879c2859afdde6cb5a8eb8a0

SHA256
69f31aef38381ff8c68b1cc3d10db7f06f9f6c8373f28bb0f1a564856b185141

SHA512
9e31221196171d58e816e23c61129d42efe9cc03930f150f8377073ad361ed03d3cc18e6677472eb4771e07c05c1bb8e52da3780dc345695729a6348009efc3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d8d783a64f860948d5973dec0e79cf45

SHA1
5f5b52b996d5746f93daac7797bbee546975cde4

SHA256
8020890034424cfdc51e3afe189e34a8b6796e521c5bc6aaa105f73a449bc470

SHA512
59b15173868425bfe9ac7f6122b50252e86400d4bbb414219a73d8c59c4c96ba5ab27d72d3f88b294a76ccb409a10cf2f9bdd103c0f8d84826e84849772241a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ef2e59435f532e922807ea80ae5a2922

SHA1
2065cb2b24df4183dd85897d62fe3baf97311873

SHA256
c4a5c426022baec27f2a41084b951b867dba296c83d380e4a11791d4159335fd

SHA512
f4a2aad3c32f52dfe5709e4a7d3354c8bb355fa991043e9f5e4c7a03a5744b457aa3c10bc09a7bec09bd181eeb519436094730762d650527d47452eabcbca48d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
463c774e57cad1dabdc734c86ff2b0e6

SHA1
0226754c60266e79a20d46e17a7b682724242e1c

SHA256
b757ed988f2d0634c8cf6a6134eb12efaa66d9dc7eb777cc121d02c7b990ba04

SHA512
16ca08ca33f5774d2f4cb6bd2dbfc579d44776ea634b79eeb0cfa97a6022e53b40b092a72fa7d93991cc1a0035acb32cecc58c5de542cda1dc6b50f2d28922b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
235KB

MD5
e39e3235d59e28c6b28117069f10f3f2

SHA1
4b50e05bceb06069f6b5e5cc4bc41da0bbbfc6d0

SHA256
e9f8cad655b2ad7b4ffc3588db8906515833e4dd28b17b16fa0930341e0fd90b

SHA512
a2352938bb4cea0e5d1fd014d9a9d0bf0879d059b764b9efd4ae4c94ab828a885d60d1fbdb0fbc27f950678183cd7f0675a9e336cd09ed4adbe7615448b5e01c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
236KB

MD5
fb58c062eba0c86709098612bb7990c2

SHA1
11372a201506b1593e651b4bade10eec8067fddb

SHA256
899dc785e3996ef91d9ec455dd8cf3d99459f50348326d5662dd100b3b531fc6

SHA512
7b38dcc1f3cbd56d6d52f23518ef8882b0bc3c2ade9bdcdfd85a4bdd844fdbf5d1c740abcb605990811cbc48ece7e7254f84d6c240b41032c56e3b77ebbab8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
987a07b978cfe12e4ce45e513ef86619

SHA1
22eec9a9b2e83ad33bedc59e3205f86590b7d40c

SHA256
f1a4a978ce1c4731df1594043135cf58d084fdf129dd1c8e4507c9e06eac5ea8

SHA512
39b86540e4d35c84609ef66537b5aa02058e3d4293f902127c7d4eac8ffc65920cb5c69a77552fc085687eed66e38367f83c177046d0ecb8e6d135463cc142aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
654fb390938402cefcb4077da948a557

SHA1
996ef193abe347529c728a1e37ba973018167fe3

SHA256
1c62cee2b194285e8041c2d2c70327753f0191d395abb241c082efdc69fbd7bf

SHA512
a67f6bb05cb96e1717ded7c601f754b6697154d6599636b224fe097ebcf4e354ae8b5f10486d62bcd2e40451f8b1d6cfa6439881e58766060f094785690eaa8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
f88e243b88f9f171e9a4125ad046c534

SHA1
832848acc223607180d3d896842ae77aa041cb13

SHA256
4b84b496f2ef56246125bb1fef6e19c4741f0340da293cdf07a921e5f11532d8

SHA512
55595c62a019e0d26c72a27f1cbbb0acaf91e650a9fa5a51c517621327b61a5eb565d6a18bd0bc0ab4a0fbbbd51f0fafdb2ec965740c9cb5d7b04dd5718f20d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
7e47e24804f9396de22201fd8d251251

SHA1
8085fd95092541cca6b2c6352a2dcff1502511c8

SHA256
be2a7b76ad3d3ac8abc7b6709d83731221b4b96e107a09a55ef7490ca84e6943

SHA512
9ea5bc09e86a08923c3dc7c97c6b53bf536d4d0d9a8c6743a58a7f40eaa5bb31ec1f2b52bec52653bda18f839947a26024e5be83163ca5d1b234fcbca8cbb18a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
f7d7e269ff41e43bc2025a78dd0a02d0

SHA1
49d5a11385b48634a8b6211ccf6cf7a444641e1e

SHA256
437e3892bd2f5942423291f84de171fdb429ce6a54fa9e7d0203b19679d9fff2

SHA512
e9938abd58241cf9d73151e96f5920c8f55217e5b5dd6ce4624eb3900118a9addf44e072d363e5bc8270f1a848c9fc393dffd2388c64d747769a70edf232114f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
3deb90328f0275abde7bd35a54e3fa41

SHA1
1292048408e0e8cb0d609ed91a49eab81ee5445a

SHA256
9f35f3aee89221c5ca5c84a7a7e953bd61f9ad050123fc6e7bf46d0058de969b

SHA512
50a178e8330619357a0bce9e486e6d7d2631a2f44635be19e3d73b28f92d44eaa37541f6871a67dd339d8b6f9d244a92c85f4c5a35a6690ba580d66c6afb9ebc

Download Submit
C:\Users\Admin\Downloads\b--o--t--s--t--r--a--p-x64.zip.crdownload

Filesize
12.0MB

MD5
3c3185803d3bc3ac05daa690ac28fd5e

SHA1
5f2a217f2b3d1eaa872c37b3094c60c33bba0930

SHA256
6e2abb83c7dac9f203ba6cdb4be11fe3ba64c783d197bc54221eb220f48dcd07

SHA512
75afdced01f933823ed37e2f3b6d2296421e255c170372d96799e81ef702ab9539d924f5851e3553cc13b6afa0ae0c9d7686513dd3287cd6eae88aa88b7166ff

Download Submit
memory/2980-509-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-530-0x0000000007340000-0x0000000007350000-memory.dmp

Filesize
64KB

Download
memory/2980-514-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-536-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2980-486-0x0000000007340000-0x0000000007350000-memory.dmp

Filesize
64KB

Download
memory/2980-535-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2980-488-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-489-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-492-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-493-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-491-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-490-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-494-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-495-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-534-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2980-498-0x0000000007340000-0x0000000007350000-memory.dmp

Filesize
64KB

Download
memory/2980-501-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-504-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-505-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2980-506-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2980-507-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2980-515-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-510-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2980-533-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-513-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-512-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-532-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-511-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-508-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2980-517-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-520-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-519-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-518-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-522-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-523-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-524-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2980-525-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-527-0x000000000A710000-0x000000000A720000-memory.dmp

Filesize
64KB

Download
memory/2980-528-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/2980-529-0x00000000051B0000-0x00000000051C0000-memory.dmp

Filesize
64KB

Download
memory/3180-259-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/3180-260-0x0000000000400000-0x000000000045D000-memory.dmp

Filesize
372KB

Download
memory/4428-407-0x00007FFAB6F90000-0x00007FFAB6FA0000-memory.dmp

Filesize
64KB

Download
memory/4428-412-0x00007FFAB45D0000-0x00007FFAB45E0000-memory.dmp

Filesize
64KB

Download
memory/4428-409-0x00007FFAB6F90000-0x00007FFAB6FA0000-memory.dmp

Filesize
64KB

Download
memory/4428-410-0x00007FFAB6F90000-0x00007FFAB6FA0000-memory.dmp

Filesize
64KB

Download
memory/4428-440-0x00007FFAB6F90000-0x00007FFAB6FA0000-memory.dmp

Filesize
64KB

Download
memory/4428-438-0x00007FFAB6F90000-0x00007FFAB6FA0000-memory.dmp

Filesize
64KB

Download
memory/4428-408-0x00007FFAB6F90000-0x00007FFAB6FA0000-memory.dmp

Filesize
64KB

Download
memory/4428-406-0x00007FFAB6F90000-0x00007FFAB6FA0000-memory.dmp

Filesize
64KB

Download
memory/4428-411-0x00007FFAB45D0000-0x00007FFAB45E0000-memory.dmp

Filesize
64KB

Download
memory/4428-437-0x00007FFAB6F90000-0x00007FFAB6FA0000-memory.dmp

Filesize
64KB

Download
memory/4428-439-0x00007FFAB6F90000-0x00007FFAB6FA0000-memory.dmp

Filesize
64KB

Download