troldesh | d32f3a860b863d38f117c2e7efcaa6909583d418f8578b526a7ed0153529644b

Resubmissions

01-05-2023 13:55

230501-q769aaff69 10

01-05-2023 13:52

230501-q6esmshd6s 6

Analysis

max time kernel
150s
max time network
148s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
01-05-2023 13:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Virus Maker.rar
Size

82KB
MD5

d1f61793e7898df4b27e3345764ceca8
SHA1

f03b91146aeaf753b565620a022a238830ed56d4
SHA256

d32f3a860b863d38f117c2e7efcaa6909583d418f8578b526a7ed0153529644b
SHA512

6491767f6db68886d000b173306377f3b0bf2d6db765ce4c14139c9ad09fa44e6cb75489f3858e45c4000333d2ad517721f81cc48e94de25c75c17cac36bb617
SSDEEP

1536:S0s/fG5w2aRBBNACjLkvSrfqAbv0Zarjg5AfDLCNE3Ztg/776X95:5s/+uRBmvMfzrhfbD2NStk76N5

Score

10^/10

troldesh persistence ransomware trojan upx

Malware Config

Signatures

Troldesh, Shade, Encoder.858
Troldesh is a ransomware spread by malspam.
ransomware trojan troldesh

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/1428-627-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1428-629-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1428-630-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1428-631-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1428-632-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1428-636-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1428-640-0x0000000000400000-0x00000000005DE000-memory.dmp	upx
behavioral1/memory/1428-657-0x0000000000400000-0x00000000005DE000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\	[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000\Software\Microsoft\Windows\CurrentVersion\Run\Client Server Runtime Subsystem = "\"C:\\ProgramData\\Windows\\csrss.exe\""	[email protected]

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133274301399527000"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3346939869-2835594282-3775165920-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
1428	[email protected]
1428	[email protected]
1428	[email protected]
1428	[email protected]
4748	chrome.exe
4748	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe
Token: SeShutdownPrivilege	4732	chrome.exe
Token: SeCreatePagefilePrivilege	4732	chrome.exe

Suspicious use of FindShellTrayWindow 40 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe
4732	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2080	OpenWith.exe
2080	OpenWith.exe
2080	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4732 wrote to memory of 4816	4732	chrome.exe	70
PID 4732 wrote to memory of 4816	4732	chrome.exe	70
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4708	4732	chrome.exe	73
PID 4732 wrote to memory of 4788	4732	chrome.exe	72
PID 4732 wrote to memory of 4788	4732	chrome.exe	72
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74
PID 4732 wrote to memory of 4792	4732	chrome.exe	74

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Virus Maker.rar"
1⤵
- Modifies registry class
PID:8

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeb75a9758,0x7ffeb75a9768,0x7ffeb75a9778
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1836 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1628 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:2
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2120 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2972 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2128 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:1
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4576 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4688 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4900 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4984 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:3396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4752 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4892 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:1
  2⤵
  PID:3304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3060 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3000 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2528 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3100 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5248 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5236 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:3428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5464 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:1
  2⤵
  PID:236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1580 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4580 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:2152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4248 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3244 --field-trial-handle=1832,i,10678100091397122404,16450838355040457722,131072 /prefetch:8
  2⤵
  PID:728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4512

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2336

C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_NoMoreRansom.zip\[email protected]"
1⤵
- Adds Run key to start application
- Suspicious behavior: EnumeratesProcesses
PID:1428

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9c3712e0c18f73e16c12019b95034a33

SHA1
9a4ea3d447f5332a817d87a3e26eff1f843106e9

SHA256
922f8d70c49232ce207acc6533aed31e550c4990cc94f40ad6c7431e1a597aa4

SHA512
68fbc834a036abab36e8e1f0188b5467b5622dad7fd7b7fb72e7085fa615752d79a48cde8fb8899b42edc2b6693fd9192dfb17e6243a7c0899d23427de17c0c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8d689cf388cfd221e1c796dd279dca45

SHA1
be960389437011100007bc42b3ee41393649e839

SHA256
d1bcbdff7ca3ca0f8c1d68e464031a5f0c12c062216f70e652c75ce0659a60f6

SHA512
5833ca6ec564915f8fbc35461d44175995c6932d52d888ffc89ea9f273f2cb28e6cc1f9eafc74fba0b305f9086d6063e7d45b52303b13262e222b604ec26d323

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
33f2be2ed2d2852b62a5200c75bfbbfa

SHA1
878779dc0e86d096d89b2b0f27f7946396d275a2

SHA256
93859b7cd33687b86f4b1addf424c08564dcd1e94d3ae7cffd2a72a18dfaa4da

SHA512
8ff2e033bed075b31ee8961f634ad37886917baca31af1d2cdf44ca075f4afb28602318a75ace9196e6c095f847372a5df6000e67ebd3acecfaaadaf33580d64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
02b8f9f9cc1aeae2146ac206c1ea3054

SHA1
f4af5b12e825936d6fe975b6216f9d964348cc4a

SHA256
db159fec23f31008be59026ca4f5e555b380a8e9fc6f9f869fc6144554407472

SHA512
95eb6efe90c8e93266b4c3ce560fc4ff183742517b6a63efad707fc6ec0309252a6fa67b5fc7b045ff4078327c6d916bc03df03db27ee458786bf811cb191e43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d5d0906f0b5be2f5fb20e02cf5f1b0ec

SHA1
54b6d5959a3560eca9b58a083ebbed5368792e8b

SHA256
6fc0683c9ab6b43ebc4a5f63723f2c6ce207d50cafad6ffc21b60cc43cc74f78

SHA512
a98f8a78bebc5a23e3c626be75a19dd34188745a32cbd0e63bcfbb7c38f5878a830a49c587b786c9137dd1aa9f25dce36b86925e3ef695065d0cd7c75b00c9a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
582087df7acfe4283b283ea5cdcdb451

SHA1
ce5d375cf6010eb0af8b115a5e6457bf50b43101

SHA256
e8d58d644aaa26a06940737c8571080df5bd77ac60bfaa68561e632a76b50eda

SHA512
0dd6e15c1a78a407d097544010165bad54740e6edaa302d2527b332e8ed9230d5e950a48288e9659342471f33fb121aa380b48b661e35745be4b70e746675ec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8e2c9bffb2642a8a401e6770cf5b838f

SHA1
61d6989b8b831184055267cbbed92f2fb742f431

SHA256
1999b35949a734a45329af2406560f8a18a94f016c3fd9f739aa2a41ef0361d8

SHA512
4ada8657bae473a87a084957027213d185c365003e4fd8888371c04f69ceb4eaa805d9d095a64d52ad54d97d286bc9d18fecf17c7427b21e1ca162a8ad385175

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c5384f7c5327a686879dbd87752749d8

SHA1
f84665b1d4f50fde23f88f43621d072e6f3bb748

SHA256
bdc71ae53e1a726327e491fab5d4e15027097e95c95b38d6c73c4e7b39fcbce7

SHA512
ed24c58ad782445a994ca49b3c39a23e14f873d7e049009d8ba400fe032bfee0412cab9c7092a46206a9b03113046d7847c940c346a8a70a812b5b8c802f2b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5cab9b2136654e8821d48eebb4ccc891

SHA1
8ef9b20a89d23ea1bb41277e0d7878674d4fb3ce

SHA256
a865f62f70ab1dc2c1cb280ea406c79a89218b3e219cf7bd482ea9901f887821

SHA512
3e124a74a7db15d4385890d1c1deec4f7a79b526c40bc1ac79b06141e9df30de74aed25039a68f181226074eb9333caa8f52a6398e0c8931eb5fb3b48d2f9d0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
db4b1d44f801d1352fc5500493f4ad6b

SHA1
e405b81a9766d8f9f86c3ce474245494d45dbc0e

SHA256
2e34d92496be9e615022d5a4894b28d71f98ddd1192d4c8dcc0f38b2b8785b9e

SHA512
bfff7463b22aeee8370ce813d8268ad6062b520b5dd230a75b1000a9818b2ac00a88cd4a780ee6a2736e0d35fc9bba4dfde1c811d1855382533978c363d9e17e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
807d66bdce7794520e570090ff102ba9

SHA1
234902f87b022e33e2cab03dfe6f8fcd9622842e

SHA256
718bd5bb4de932f353d56a3fad0087972c6c3cf37f37614d3ed791da2ff6cfac

SHA512
474d3653e21526f66b94f9bbc4b19ae9e92847ed161cca0fb13abac9284b23bc5c60feff2e83e0a1eaedb3377a0e9b0ed9a8ec0bbc854865ecc6edba6f8d0e92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
17ec3f7a91dcc3cbcf1fbd6ecef15daf

SHA1
f637b17ce2846463af676373e9bb7083277bc753

SHA256
37b3bc69d9abe6c49b7a9ceb0a8ce8daa647c935b2558512ab5886015fec6bca

SHA512
4f71b80400e01024de382dec223be23e5c3c75f18c415467b065d13eec7fe572244b89f261bdc19eec10a2a52794107ea7fbea20385cc76bc7b5ad0f6307d703

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
935ac497b5d2fba5eef678c45ca7965c

SHA1
e2f022644d6df858265fddbe303e43e33b37a89d

SHA256
16c9c0ee7ff5f890ddc87a8eab80492b38a8b10b28014cbf344f6aa9fba66e1d

SHA512
dc3cf2ace8c3eafe442ebb60e9b3c8c7eb74b47bb541f9bac37455be54bd9d9b6469a15a5ef370680de90d9017b25016cbfbc1d01dc8b85a1ef9de541b42a0b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c6ccb0a54f9cd62ff27665f924f8cc62

SHA1
96edfa8726fed49af29850c92a38050992a8b493

SHA256
9fc1c2100cdc36d9203f1467011ff30eb0d5a16361a659e4d386681964082ecb

SHA512
bba66a13dde4f0c41dc2980fb881711232d5e3e415f74471bf7482f879e23402107dc30a8e58681980025264eefc49fa16cff370c36a90d13c97d10defe58c2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fdec85fbeb4f3329495b59432d8babc8

SHA1
d7dbb214c533470e0c75a99be0a06cf6380a97a5

SHA256
da4dde5cf0ecc15945686b5c6d072394a6c9b247d973acba62506bdae2e979eb

SHA512
214d214839798e64a7a8532a89564d34bd523583ec954a690cfae34f247198aa8042602d54c03aba3a35fa0916557214a1d7117b17c39a3681dba1035324472b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
476e357fd14e2cea18ae455235cf0939

SHA1
0e41dda801267699e4cccfd30d651e382187ffd4

SHA256
19865c314347bec53530178e23f13dfcca1325fe6b5a06b63194cf57cb6b90a2

SHA512
002c8d1a9422599cd7ee5401d7e6575115ae42eb005a62dfba2c039c75c47fbbe523a6cdb69d2432557b0d054549e8ee00a3982acf778d5ddf84ad875a4edec6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1ab0352cf0c0bf5edf2cccbccf74e692

SHA1
aedefe15ff0c2064bf84804e4d0bee066415d5ea

SHA256
06e00d779e99cd3584fcbd1f9acbb63931958a24675ed30f8d0c8a254585a2b8

SHA512
923658b3dbe9955bd258a186e6c83e1071657f4e0387de5687f65615a283611e149b23aa136cf65de6f02c1b6aeacbf3dd731fce6e6484247b3bd6d17d224af8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9a69d904a0e32239de16e23cb6a86ac9

SHA1
75ecdc44f50963bbaca4275eb6b8c037442bf8e2

SHA256
0da34d0f203eeec3d923dd4c10dd2deba0e171ef7a7438641fb5bcb0b17b0b6a

SHA512
5260f628f645428e7981f1e1e2996188860feafea4fdd60914385d22e9fef5ad90479419fe994a54d16153eed4454b1240414536b08e307b0b00502255475f13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe571afa.TMP

Filesize
120B

MD5
56a7e105d2fcf489dfa2c573dd20d5d1

SHA1
4f487a42258210241aaad1c85943441087eb5973

SHA256
607e53c196c4cfbfeaba7ccca01fadac6fd4b3d01718ec3bc8aa258d3cd67773

SHA512
867439578be2ebaf9b6bcadcb7dd2455beceaee73ff0f187e81d52b4b539d99265b84c905ae9350f5bfa7725a48702d5f1e09c3893e430cbd483bdde2de539a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\ed80e0f5-169f-4d40-8038-adf44dc79f8d.tmp

Filesize
6KB

MD5
f1194a1d52846fa811d174f670abe12c

SHA1
ecb006c7f26d66d92e2b97794e4793c084b85733

SHA256
fcce594895367c44fbe1fe59582b20fa047554466223c943eb81cc6575d0c4f1

SHA512
ce0bea6dff5485003fd93eb971b605022c71ae75a45b7060ba310a980a5d512f687ddafa78cdfaecd9c1abe6c24ce33298ef7b53f87176afd801b2f40ba61456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
57250939bf4a64264a31900a48295bba

SHA1
3680e46d45bf6937812dfc28fe037775c84f9371

SHA256
2aa870902c07ea1203bf8fbd51b22178e9f276d6e24f9606feb131ca98524224

SHA512
354ead753a74d51986770b31a58f38b86533fe0caa723da9e5cc7a73e26109f2d08d5175ad9c7f3c6da85743d1c9c7914ec710c0fed70d6c5ccf0a315ddb1f4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
309618b0a800c999f8d06bf86439dc0d

SHA1
7c9c9f5d2987dd4f5b3c8f5bc2cd8a588e191186

SHA256
625de534799b3743ee08df1268532addd9f4a4f3bf8b3b8ea074773db6c88b26

SHA512
6de1fa0628080059c1e837396877ee1109bca9316a1c6a57da8ebdb601c40663cfa9fead0ac05d005c52f394111e38d4ffe7dde702ffb56f2b873de5bfc2d743

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
150KB

MD5
e248639dda9bad3dcbee310429f07166

SHA1
3887b2df3a6a4853866d1599fb93658e069752b8

SHA256
4a3f5b32bc2f9a79882fb175db777b1c841737f5346a960e0cfd7625369cba08

SHA512
3ec99714e533356c7fe4ad9720c76df914d24e08196e843d6d3a33d476f85f20dea87d0e265344d8b5920fac4d2e5568d8abe1bea1fd5df7f8987840ad7b9acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
72KB

MD5
23846cce6aba85e0f8146ca4f4fde26f

SHA1
2caa528d9d28b9039f5cbac438d2e987bf908544

SHA256
da6f5465d3950ba97ee26157cb56c9443e017f31be1d9dd7fb37808fe1625cb3

SHA512
1eb8b9c184f60650384c9203d5fedc80b25f0f93258bd69af994c16258def96afd343267b6f2735dd5fee5a5acb17a2b7372c18a8a038dd9a44e1d3c98fdcd7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
48d0c3735acb600d989cd403573e0b22

SHA1
752e85e2069d0786a192f3dd2c5617e8a2478a0c

SHA256
8e9aa75655892d0ee18f9617acc5a50865e08c30f058af4bb6869804417c92e4

SHA512
2518c91101851e174da2ca2068e0c85f9d25780a9d18db78db30bf4ebbc553f261ef478f1b7fbeed2790abf8a124ac462d2fc893b7b56db5d36f51598934af9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5804cd.TMP

Filesize
93KB

MD5
7ce8624504d37d2b4ed30fe7f991e113

SHA1
c078209abf6d84d35b40bd85c1edb8f82b8e9fee

SHA256
2a9c747ea5071f9dfbc74890793ae2baa1075f4ee097f3d1cd604e588e5aefe1

SHA512
792d7e39f5eb6517fa5f77f0bf4c72d8ed908c05e82439c164a96751e930f37a9b8ab0118dbda7784d5f562d4a6ba30dc07a4dd33e6ed36ccaeb62ff5cd5393f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\Downloads\7ev3n.zip

Filesize
139KB

MD5
c6f3d62c4fb57212172d358231e027bc

SHA1
11276d7a49093a51f04667975e718bb15bc1289b

SHA256
ea60123ec363610c8cfcd0ad5f0ab2832934af69a3c715020a09e6d907691d4c

SHA512
0f58acac541e6dece45949f4bee300e5bbb15ff1e60defe6b854ff4fb57579b18718b313bce425999d3f24319cfb3034cd05ebff0ecbd4c55ce42c7f59169b44

Download Submit
C:\Users\Admin\Downloads\NoMoreRansom.zip

Filesize
916KB

MD5
f315e49d46914e3989a160bbcfc5de85

SHA1
99654bfeaad090d95deef3a2e9d5d021d2dc5f63

SHA256
5cbb6442c47708558da29588e0d8ef0b34c4716be4a47e7c715ea844fbcf60d7

SHA512
224747b15d0713afcb2641f8f3aa1687516d42e045d456b3ed096a42757a6c10c6626672366c9b632349cf6ffe41011724e6f4b684837de9b719d0f351dfd22e

Download Submit
memory/1428-629-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1428-632-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1428-636-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1428-640-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1428-631-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1428-657-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1428-630-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download
memory/1428-628-0x0000000002350000-0x000000000241E000-memory.dmp

Filesize
824KB

Download
memory/1428-627-0x0000000000400000-0x00000000005DE000-memory.dmp

Filesize
1.9MB

Download