lumma | hxxps://mega[.]nz/file/rFdUmQRR#Tt2_tJ3TBN_M0D_-KLrOZkuxU72Y_c_SpNpTde5ESMY/trmr/472c53960a4c2dccd5

Analysis

max time kernel
153s
max time network
155s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
10/04/2025, 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://mega.nz/file/rFdUmQRR#Tt2_tJ3TBN_M0D_-KLrOZkuxU72Y_c_SpNpTde5ESMY/trmr/472c53960a4c2dccd5

Score

10^/10

lumma discovery persistence spyware stealer

Malware Config

Extracted

Family

lumma

https://enhancrea.digital/opzs

https://nsoursopsf.run/gsoiao

https://changeaie.top/geps

https://3easyupgw.live/eosz

https://liftally.top/xasj

https://upmodini.digital/gokk

https://salaccgfa.top/gsooz

https://7zestmodp.top/zeda

https://xcelmodo.run/nahd

Signatures

Lumma Stealer, LummaC
Lumma or LummaC is an infostealer written in C++ first seen in August 2022.
stealer lumma
Lumma family
lumma

Executes dropped EXE 5 IoCs

pid	Process
1316	Setup.exe
4040	KKV8XLJ7RQPUZHPJ.exe
4564	HQU9R90EX3I8FRSR9VX5AKASXL2WMIW.exe
1844	atkexComSvc.exe
1376	Setup.exe

Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4144164418-4152157973-2926181071-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\atkexComSvc = "C:\\ProgramData\\atkexComSvc.exe"	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5584	4040	WerFault.exe	104

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	KKV8XLJ7RQPUZHPJ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	HQU9R90EX3I8FRSR9VX5AKASXL2WMIW.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	atkexComSvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4144164418-4152157973-2926181071-1000_Classes\Local Settings	chrome.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry

T1112

pid	Process
416	reg.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\31102020__IsUrPassword_.zip:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
1316	Setup.exe
1316	Setup.exe
1316	Setup.exe
1316	Setup.exe
1316	Setup.exe
1316	Setup.exe
4556	chrome.exe
4556	chrome.exe
1316	Setup.exe
1316	Setup.exe
1316	Setup.exe
1316	Setup.exe
4564	HQU9R90EX3I8FRSR9VX5AKASXL2WMIW.exe
4564	HQU9R90EX3I8FRSR9VX5AKASXL2WMIW.exe
1844	atkexComSvc.exe
1844	atkexComSvc.exe
4672	chrome.exe
4672	chrome.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe
1376	Setup.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: 33	412	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	412	AUDIODG.EXE
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe
Token: SeShutdownPrivilege	4556	chrome.exe
Token: SeCreatePagefilePrivilege	4556	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
2428	7zG.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe
4556	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4556 wrote to memory of 5416	4556	chrome.exe	78
PID 4556 wrote to memory of 5416	4556	chrome.exe	78
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 1488	4556	chrome.exe	80
PID 4556 wrote to memory of 1488	4556	chrome.exe	80
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 5420	4556	chrome.exe	79
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81
PID 4556 wrote to memory of 4884	4556	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://mega.nz/file/rFdUmQRR#Tt2_tJ3TBN_M0D_-KLrOZkuxU72Y_c_SpNpTde5ESMY/trmr/472c53960a4c2dccd5
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd443adcf8,0x7ffd443add04,0x7ffd443add10
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1856,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=1852 /prefetch:2
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1976,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2080 /prefetch:11
  2⤵
  PID:1488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2320,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=2472 /prefetch:13
  2⤵
  PID:4884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3204,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:4084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3224,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4236,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=4256 /prefetch:9
  2⤵
  PID:2348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5196,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5168 /prefetch:14
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5468,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5236,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5768 /prefetch:12
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5772,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5888 /prefetch:14
  2⤵
  - NTFS ADS
  PID:580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5780,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6036 /prefetch:14
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3676,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5964 /prefetch:14
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=2324,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=6200 /prefetch:14
  2⤵
  PID:5572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5888,i,12308059934159707677,17374594288387398409,262144 --variations-seed-version=20250410-050051.531000 --mojo-platform-channel-handle=5896 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4672

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4892

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5972

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004F0 0x00000000000004F4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:412

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5860

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Desktop\31102020__IsUrPassword_\" -spe -an -ai#7zMap14091:102:7zEvent8992
1⤵
- Suspicious use of FindShellTrayWindow
PID:2428

C:\Users\Admin\Desktop\31102020__IsUrPassword_\Setup.exe
"C:\Users\Admin\Desktop\31102020__IsUrPassword_\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1316
- C:\Users\Admin\AppData\Local\Temp\KKV8XLJ7RQPUZHPJ.exe
  "C:\Users\Admin\AppData\Local\Temp\KKV8XLJ7RQPUZHPJ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4040
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4040 -s 684
    3⤵
    - Program crash
    PID:5584
- C:\Users\Admin\AppData\Local\Temp\HQU9R90EX3I8FRSR9VX5AKASXL2WMIW.exe
  "C:\Users\Admin\AppData\Local\Temp\HQU9R90EX3I8FRSR9VX5AKASXL2WMIW.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v atkexComSvc /t REG_SZ /d C:\ProgramData\atkexComSvc.exe /f"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:5808
  - - C:\Windows\SysWOW64\reg.exe
      reg add HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /v atkexComSvc /t REG_SZ /d C:\ProgramData\atkexComSvc.exe /f
      4⤵
      Adds Run key to start application
      System Location Discovery: System Language Discovery
      Modifies registry key
      PID:416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 4040 -ip 4040
1⤵
PID:5424

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c C:\ProgramData\atkexComSvc.exe
1⤵
PID:3544
- C:\ProgramData\atkexComSvc.exe
  C:\ProgramData\atkexComSvc.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1844

C:\Users\Admin\Desktop\31102020__IsUrPassword_\Setup.exe
"C:\Users\Admin\Desktop\31102020__IsUrPassword_\Setup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:1376

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
414B

MD5
a88cb4e96edb09f5f2e01922a844f331

SHA1
6f524f531201ac58f9f544f60a2d256b4291c37b

SHA256
dc5b698dcbb8e209a28d342df4594072d4bf2e9d0d0388c0aabb977aa8b330d3

SHA512
fe3e789e0f2b1b77c853a2f4d6ba7e9a7b99e1ac9ab9382bc15446c3f065630459cc19c0de41388288bef5db2c1ebd1517360a163e854f40074644692f5434d5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
547b1785006a2bda2b46c900c75e91da

SHA1
0512bc82b9447858aec54ebcfa209ce07125990b

SHA256
ef8a12a35dd0a83c4a080196d7787c4ac973befb16921171d458129b08e1624c

SHA512
b4967020e1668c0d9e2df57c398e4f37b757cc3c1fd35a656d6550fc40bac6311a55d1f154eaf0da0359cb7f01f85d579079e581d93b97899ce306d1ee6c3321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\000\p\Paths\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
389fb503052d0bf247dc23b884286753

SHA1
f8a1d4c8895358646fd3c3bd6d77ba2f6746e42f

SHA256
8fe52ce4a81d450313e170248eb2161621a1a8c53f2e508b1f062a5e44891671

SHA512
0d570a27f396448e5428de0180544fa75386720ca0ec84631104137de8cd2666fe21cc510c837f49e08c870ee5807baa5247dae1319387c0c93a0027ee688fb9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_mega.nz_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
80aad24455d8fba08b149bd5d0ace411

SHA1
aec1987bde5cbd0dcdf39cc817e62e68f59da558

SHA256
e52a382a7c83a3bc88d750f54d4b094f5c877756904fbc18abaccfe5b4111642

SHA512
298f430c34ab76b239d5942e24e6e6b04002d98f4e1d5d39ed0fffab9b23c2ef88c1a7b2c9c2e67818a31cfb7cc14ae0d9cd5d85dab3ef43d97a3f10eb5e23c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
611142fab54eb304c9616085a5ff1fdb

SHA1
3a8175c11c877f1691f860e5f7a92e13a8497877

SHA256
61f4171cc1936c16601c8e4b4b2fed0b5e9cbe72b3e1561b37769c8641f50e26

SHA512
49165206fe98a5742c577f4fe67e653beac4ffea290893a7e6272dc91d0da0ec5f96c212d1eafa6b9aa1f63373b8641bbaf5883744f8f288b4b2bf9371f8eed5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6cace002260bb4d2e5d6cbc63d7edd34

SHA1
5ff036c59b2d48257298602d66b501e224fe4d50

SHA256
3e25f1e675df971cacabae84be78bab250f6e8b88c1ae8bcfd8b3b182896a6be

SHA512
5920d2045db770db0e3fe4eccecc7c2e3daf37985e163459136f6b2e38d735046c8f1a71922dd6e4a6a69bde0d06a7d6a838af8c58201daf2d091e0ecbeaacbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc9b3ca3454affc93fec95e497d6f674

SHA1
6143aafeadd483a9251424366bbe9e72474f16c6

SHA256
2a6b8fba074295ed1b33b8ed5b9ae2f9f201cb44bdb0b38b8f10ebf4c3097b5a

SHA512
05f448e568eb2dfb8111635b1e624513ab2b9b6e5c72aea7d807e44586e42c2479fce4200bb56a086841c7159a71e8c4986e067432fcb075855a892ac7165ba4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
d7dadd84ed3c27124999833093dc80a7

SHA1
056729baf602bbacdb3c0bd2d8777c2b8a9ba572

SHA256
123972fc14f6444a6103064a97bc89fd028513d0368e5c1f038401abcd1f888a

SHA512
f87140383e49b355fa243d19c8ed19d0bd4d07c8bea588356e70a0cc70cfda56925cc2e842c97b283076f038a0e5e65cc126a84d317b87ee4db29f342b3dbbe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
0f2ca8da41da82746eca22ab3b3edded

SHA1
141d5ea5f47c3d6733454911f5dc296366ede04e

SHA256
0e47999891c0abc81e5092c47b27ce1f0fe0a159d3a0ade1fc85eeb0602ab351

SHA512
9b8b40302bfb1f74b4e482b5924f56e7a5a6a6f992d1a9b3ec5fa6a0d9c24dcc0edc99d0e69c64f07b03df8a0099184508736ac139ad1e86d73f3416a7ac99c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57cbac.TMP

Filesize
48B

MD5
a5ed0a9fa5f639a9e0771c127a13e6c0

SHA1
c9a26b0277583fa6aa40fb4700440931197af364

SHA256
a888ac4197b2038d3f02e457289154734d96d4b35776eeba47c4049161f9c6ea

SHA512
c8665a59e186914ec420491322492f4863f262afe16966d411f5d84f4e2831d91705a960946ffa269541c4caad3d4a80e604344a2b0ec5e43d7fc97edda3928e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
130KB

MD5
09341cd35786169f8c91cfbebbb734b6

SHA1
7ee9b5be3e1a26bb08ca0c14a8d0893678949784

SHA256
924f20a6f8d9b1b10f69be3fc85633bf2772aa7e805eb559217600a9a3e04f99

SHA512
ccc25ecf4ae794dc9a4ade1e6d68eebe49f4f94e79147af80c4944939176ce74800efd5044d14905eb3fa82084e663f70cc0a73fd7c1cee465e099a029f4aba2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
41cb4fb943450f97e44d7af6e2e33002

SHA1
aad6d0642cc507ce16227697845570a00bcc7b6c

SHA256
dc63f6b0174a5b86f67bb137b957e85020fb3ee9886a967fa4e45cc724ee1818

SHA512
2dcc5d36436549bd0125cd9b58c520505faa75b1814ff81d54ffc7d1b46a76d20521166f7ce8a535945f66c96c23e0e9715521e57bb10ee2d873c60e21095537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
4873e2dcdc67fc729ce4cc7456f4bfb8

SHA1
a807062af81b82599759344d889407a044b571b6

SHA256
54e03eb0e50d80758cd061e5cde7191d530ac0cf37d1b92974b8e60654040b4c

SHA512
48144f92eddbf59f7b16e0c78ec2abbf15e30285e9c0cfdcce168f5d683710d9f6eb2168697def6496162f26e88fb99a002dd13b69add957b15a62121a76d353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
3eb3cc5454295dd858f8521f7cc5bcf5

SHA1
202e664220cb0ca21a6b61239cf8b3d70aa6bd85

SHA256
64e9d1c12bdf988889c1468dba873ae38978b66b11746cb26c0b26aff3680808

SHA512
1598acfbe3ce119a322602bcd5bc736e77b84977df60756950755b0db3e4f850daa6c399740cd702b1d0ba69c74c11ba071a98f9632bbf94a1e96776c3d436de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
49b0675ddccfd29471333b52ca6d2946

SHA1
135e91a1876b5571810efa033d56a0be7f4d066c

SHA256
0ceba6078b52a27f1611360d301fa14d3aad7f4d9a99ff9afc9bbd95607a87ca

SHA512
dcd7f8dd4c334e1d828de9dd16f6901336bfe165e6c5443cda968e48996c6c595f8c05082b6084c988d347233dba37d1171535500d4aa7fb99beb58ae4b2a317

Download Submit
C:\Users\Admin\AppData\Local\Temp\5PABH9DL30E8SXQ5QPI5YEZQ.exe

Filesize
796B

MD5
265e51037981a14ed99a5fc8c5ec1b51

SHA1
d12ac588953298fdaf46dd5b4af8eb4cf6b06f0a

SHA256
c4b07931b3fc37bc80d56a367783e7fa7c04ced4befec7f57ed079c38c960400

SHA512
b18aa610811c5f9bc1dd829ad90a95568e81a41e1fd1472983dc00147f65045fd91fbc498b5263ce4f4c88b041be21f186ed2ce357d3bcf86c0429ca18991151

Download Submit
C:\Users\Admin\AppData\Local\Temp\HQU9R90EX3I8FRSR9VX5AKASXL2WMIW.exe

Filesize
10.5MB

MD5
957e7d44b235699be79351c274cd8b99

SHA1
e10f2b728fd02e49c80591241b239a96a029c6be

SHA256
2e0a299e318a9a6928bc24b228e976a09c5322343bf0449620d42d04b615c739

SHA512
baed1a2ea2d0476f61e5c10389998a5335ca18d790377c27330a91700078bb09b1f93d2e7457afa045c41b866ce732903f1b1a18038b72ca8579ab62a5bf5c35

Download Submit
C:\Users\Admin\AppData\Local\Temp\KKV8XLJ7RQPUZHPJ.exe

Filesize
10.8MB

MD5
b4f95c0def652145e9a081896c1ff0b3

SHA1
96e18c8e8e7d6548d4551038951a3231867f9ba3

SHA256
6f0c30497c42675d68a4dfcddbb8b4a4699a28bbd05fc0feea91dc3c537c4ed6

SHA512
200cc62bf1c9dcc48723b252e6c4abeab45e7e20346fa6da8b4aa58d47bfa1af3e47ac397df1ae96c8c6a6d4c2f3cbf856d583d275f4c06501c2961be8a32fb6

Download Submit
C:\Users\Admin\Desktop\31102020__IsUrPassword_\Setup.exe

Filesize
15.5MB

MD5
7466bb5611d5a4b410c97aa8b189b74c

SHA1
3c119509ee337f6b08992da0da3f5ebc96d306a0

SHA256
1fb22b261ae317f32f470c87ea593e61f2ad79f8523064a712835cf94ef81ec2

SHA512
05d361a028726505d7852f7cda7929a813b47b0c18b05b1b205bba0bca441198ecc5ff1799d39b010b688461880983d88fc25577dc290d944f8553736248aa70

Download Submit
C:\Users\Admin\Downloads\31102020__IsUrPassword_.zip

Filesize
3.9MB

MD5
c64d09955fbd75e43ab73b720ec5bf77

SHA1
9efff18cbc7b5b9baf772b2348cabb141e23de18

SHA256
fa402a12e0908c69ffca1afa65f3be8f8311647540f5968de4f041d77abd4cc5

SHA512
c52f0acfb42f1ae13e13daf68437515c191ffbb967e90264a717274335d18277d26eb15e2ded387030aeb5c7ab9c95f58ea0c0b53a700bed918d251850136445

Download Submit
C:\Users\Admin\Downloads\31102020__IsUrPassword_.zip:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
memory/1316-253-0x0000000002410000-0x0000000002413000-memory.dmp

Filesize
12KB

Download
memory/1316-268-0x0000000000400000-0x0000000000582000-memory.dmp

Filesize
1.5MB

Download
memory/1316-254-0x0000000002BB0000-0x0000000002C14000-memory.dmp

Filesize
400KB

Download
memory/1316-252-0x0000000002370000-0x00000000023B4000-memory.dmp

Filesize
272KB

Download
memory/1376-360-0x0000000000400000-0x0000000000582000-memory.dmp

Filesize
1.5MB

Download
memory/1376-352-0x0000000002A60000-0x0000000002AC4000-memory.dmp

Filesize
400KB

Download
memory/1376-351-0x0000000002950000-0x0000000002953000-memory.dmp

Filesize
12KB

Download
memory/1844-332-0x00000000011D0000-0x00000000011D3000-memory.dmp

Filesize
12KB

Download
memory/1844-337-0x0000000003B70000-0x0000000004120000-memory.dmp

Filesize
5.7MB

Download
memory/1844-342-0x0000000000400000-0x0000000000CA6000-memory.dmp

Filesize
8.6MB

Download
memory/1844-338-0x0000000003B70000-0x0000000004120000-memory.dmp

Filesize
5.7MB

Download
memory/1844-339-0x0000000003B70000-0x0000000004120000-memory.dmp

Filesize
5.7MB

Download
memory/1844-333-0x0000000003B70000-0x0000000004120000-memory.dmp

Filesize
5.7MB

Download
memory/4040-301-0x0000000000800000-0x00000000012CD000-memory.dmp

Filesize
10.8MB

Download
memory/4040-310-0x0000000000800000-0x00000000012CD000-memory.dmp

Filesize
10.8MB

Download
memory/4564-328-0x0000000003AF0000-0x00000000040A0000-memory.dmp

Filesize
5.7MB

Download
memory/4564-319-0x0000000003AF0000-0x00000000040A0000-memory.dmp

Filesize
5.7MB

Download
memory/4564-320-0x0000000003AF0000-0x00000000040A0000-memory.dmp

Filesize
5.7MB

Download
memory/4564-322-0x0000000000400000-0x0000000000CA6000-memory.dmp

Filesize
8.6MB

Download
memory/4564-314-0x0000000003AF0000-0x00000000040A0000-memory.dmp

Filesize
5.7MB

Download
memory/4564-313-0x00000000012D0000-0x00000000012D3000-memory.dmp

Filesize
12KB

Download
memory/4564-311-0x0000000002BF0000-0x0000000002F16000-memory.dmp

Filesize
3.1MB

Download
memory/4564-318-0x0000000003AF0000-0x00000000040A0000-memory.dmp

Filesize
5.7MB

Download
memory/4564-321-0x0000000003AF0000-0x00000000040A0000-memory.dmp

Filesize
5.7MB

Download