arkei | hxxps://anonfiles[.]com/6bicachezb/Mars_Stealer_v6_1_rar

Analysis

max time kernel
323s
max time network
322s
platform
windows10-2004_x64
resource
win10v2004-20230621-en
resource tags

arch:x64arch:x86image:win10v2004-20230621-enlocale:en-usos:windows10-2004-x64system
submitted
23-06-2023 05:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://anonfiles.com/6bicachezb/Mars_Stealer_v6_1_rar

Score

10^/10

arkei locky default ransomware stealer

Malware Config

Extracted

Family

arkei

Botnet

Default

Signatures

Arkei
Arkei is an infostealer written in C++.
stealer arkei
Locky
Ransomware strain released in 2016, with advanced features like anti-analysis.
ransomware locky

Executes dropped EXE 4 IoCs

pid	Process
4520	MarsStealer_Menu.exe
3972	MarsStealer6_cracked_by_LLCPPC.exe
1688	MarsStealer6_cracked_by_LLCPPC.exe
3088	MarsStealer_Menu.exe

Program crash 2 IoCs

pid	pid_target	Process	procid_target
3660	3972	WerFault.exe	107
220	1688	WerFault.exe	111

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133319733022870576"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4025927695-1301755775-2607443251-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
2632	chrome.exe
2632	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1256	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe
Token: SeShutdownPrivilege	4668	chrome.exe
Token: SeCreatePagefilePrivilege	4668	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4708	7zFM.exe
4708	7zFM.exe
4708	7zFM.exe
1256	7zFM.exe
1256	7zFM.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe
4668	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4668 wrote to memory of 4132	4668	chrome.exe	78
PID 4668 wrote to memory of 4132	4668	chrome.exe	78
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 5016	4668	chrome.exe	79
PID 4668 wrote to memory of 3808	4668	chrome.exe	80
PID 4668 wrote to memory of 3808	4668	chrome.exe	80
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81
PID 4668 wrote to memory of 3188	4668	chrome.exe	81

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" https://anonfiles.com/6bicachezb/Mars_Stealer_v6_1_rar
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff587d9758,0x7fff587d9768,0x7fff587d9778
  2⤵
  PID:4132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1764 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:2
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:8
  2⤵
  PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2212 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:1
  2⤵
  PID:3564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3204 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:1
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4548 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:1
  2⤵
  PID:264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5124 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:8
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5220 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:8
  2⤵
  PID:1396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5380 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5188 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5280 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5032 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:1
  2⤵
  PID:3256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4892 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5336 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:8
  2⤵
  PID:4284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2784 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:8
  2⤵
  PID:1116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5896 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:8
  2⤵
  PID:712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2812 --field-trial-handle=1796,i,5803258173204591602,4580703774398463146,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2632

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2572

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Mars Stealer v6.1.rar"
1⤵
- Suspicious use of FindShellTrayWindow
PID:4708

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Mars Stealer v6.1\Mars Stealer v6.1.exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
PID:1256

C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer_Menu.exe
"C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer_Menu.exe"
1⤵
- Executes dropped EXE
PID:4520

C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer6_cracked_by_LLCPPC.exe
"C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer6_cracked_by_LLCPPC.exe"
1⤵
- Executes dropped EXE
PID:3972
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3972 -s 252
  2⤵
  - Program crash
  PID:3660

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 420 -p 3972 -ip 3972
1⤵
PID:2116

C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer6_cracked_by_LLCPPC.exe
"C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer6_cracked_by_LLCPPC.exe"
1⤵
- Executes dropped EXE
PID:1688
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 1688 -s 216
  2⤵
  - Program crash
  PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 1688 -ip 1688
1⤵
PID:3256

C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer_Menu.exe
"C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer_Menu.exe"
1⤵
- Executes dropped EXE
PID:3088

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
85480db9ab3fd304493a720deaa5d15e

SHA1
4593d07313a9182697bb48dd7e25d2da53160a67

SHA256
de8094d3fddfa46d4373e3618d4d37f8ddc9908c2e54286b375fc07bd39649fe

SHA512
17c0db70f89126cf2aa448af59ade91b3b8a9ea7bd1e1a1bfb80451f4fad2d347faf30ef926952daf2850a2c0a31649cd8cfbd262d242e8e3fa358d23d352b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\681cd043-caf1-42a9-81ca-020e51134ef3.tmp

Filesize
539B

MD5
20d39fa495782d1e5d54822b48c40c41

SHA1
a430e1f9f1fc1655e0dc547729a99abeb125bc20

SHA256
b28df10f10358e813cad36833acf30fdca0bb45b9055772cbe447dccf1d29164

SHA512
517463403904c16d3b396302352a36d371078c5877a05b2dde10bb12d4c74f6c43222c6eb6518eadb048168659a5f00c90476277c893c6fa0768c98bbe6fcddd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
a61267a8c32ba84357be342e9238c889

SHA1
c011db21bfa4a3a7b43e9c6cf0e8dfe9d0a0c4ab

SHA256
a7f29303fa9a7194efb4c88d23e50d404c01b18ae34c89a08a13a2fbe1f69f7b

SHA512
c72fc52272d170a3e57c73207b707be5b1b63e017a6aba84cd5740cbee412cd7cedcb1911c077c120a8e20b275c2e854edf2465d65ea9b4cdcf899199b676a81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
fb000eed583677441b274c34fb8c92f9

SHA1
4969706e829ca84b577de617cf2e2f99c3bb46c6

SHA256
6b6822a3a5245d1ceb2fff6f4839d4fb46e8922beb28c4ebf57526e82b8dda2c

SHA512
c07c456ecd29a51556ac4b1f869de08e53e2ad811b431d7a94f3d4b3c78b9f94188dd65681ba813e9676360c2b87a07b6b878702a934cec50e779cd3b24c3519

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
874B

MD5
00523e6a3f675881111a957effb413d1

SHA1
77e9ed46d4db9c69a4dca1b3d06c473b16143328

SHA256
3b68683f81d283a1b6d28ac4f215aff427bd5a8031609cf27177bdd0c64391c9

SHA512
cae54886c7f05ab1e80128c763dda78bd5ef9c75b185df92035c8fc46f5351349965a5ea8d0648f936daa2f86ebce20c32a2f4766e98154eae1288f1790fccd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7bc63c5a8cfc1feb18f60e3c5d9c0040

SHA1
70059cb12d1350c180e00fb5bb74a2543812593f

SHA256
7a0c7506cdd1ff5217f44c1aa171ca638e8c190d443e07cc2b91456e23207a8f

SHA512
ba64dc8344f02cfead09b205e7dbb0bb0fb9af4ab88c807a47ecce4e8d749abab8d123210f9fdbe3de58bfc8f9eb55485b1dc2bc5d0a882b0012eef304f6f43c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
f54e6aa07c1d50aebd7ff8a08cb788af

SHA1
2241739b66c7acda0e1f5dcf7e9e3e0436a3a55c

SHA256
33d2b93d17860082d3570a52e4cf1ea1a522293f44bfb16eae9a3a241f72e1eb

SHA512
953ad233e7b4fc897693a8ccee9c79f0c0457b2e4d894bda796f2537e702bf83a5da1ebb509264666ed0fd3b3010a52bdf6120b58ae796bd929f57a602b127f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c5b8cbe728ea74db0dc0b758d3262ec6

SHA1
fd95790981572b9e670a15bd696f76f1dfa209f6

SHA256
8026e69e1fad14479b79085cdf1183c9502088ceca80502b88514186465d8521

SHA512
596aa65c4da5e44f4cee44918f8e6c91fb962be2b820293c15a0650c0325e815ad6faaeb80afd9974990cc0e74e9ef3eded98289b50c5264c36beab676ec6fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
9b85e20f72fd975f19c55cbb06023072

SHA1
a4d020b4c4496d89f81fec19d4c2d1967b221ca8

SHA256
0aad8e5cbbcb11c616027683ad881ceac0cd45786db1c4730589477e8162d8d9

SHA512
c82f303937b2482e23ef38f79b81b1168fb6ebbce82672ca41f97aa1e8df2df4bf5f19fc83b5e187063526a3ecd98986dc4ede634ec4f41810e8e5bb90407af1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b3824cf6b6ff578ebd57e14c3a3410f0

SHA1
9495ffe247a5c0c0c68c1524fb1beb413772f04d

SHA256
3fff17493341d06db3e58b86a903e38625f2f3e667fbe50f045127026c93fc89

SHA512
2ea63d47c10a251022586eba6c2c6f0855b7884b3ef2a6126af8d7bc373a8eb4f73d5e009d4a92019ab7bb0db3eef3265647f6447b71d4f86232d6caeda28021

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
7e9962d5b467c83d7b248e9ecb5b2757

SHA1
e0c9ba7a0e82055827e00e4eab9ed50ae29a4350

SHA256
70b019f51456715ddf4b7930aa8376f51063827d930d81b3961505088e5c3485

SHA512
d89c7125825749552ba20f8c8db8a09b9d841dbf7ae9583dcd03f340355430cb834a67e71282d9ec243363e7335e8934e7d21521a71129663de972a0d38970f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe56e321.TMP

Filesize
48B

MD5
00edaf786d7ed90c0635abcb0355823c

SHA1
b82d13fb7ef4aa54df31b2538d0e4cde017a976e

SHA256
4caab7bfb506ca89cd3cedbc288b36652005752a2e9efd43e0e89498aebde7b5

SHA512
af42b3f22b2163f8aa34ccbb92209f31496a2f8f35c9e42cc0cf89c6507e104dd98b9b2fa6134cdaac249528429eb2017376f93817c06fa66995d6b6cb5929d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
620bb10bd7634f12abd057d810dd7a58

SHA1
a5cc886213984cd6d4be7c79ebb60f6e058458fd

SHA256
de07d67326b18ebba314fd4a7ae8d9dec1a63f483a879815bcc355f5e79b50e6

SHA512
26d8e69dd67c44403203ef9a0e611b94f11dd071274d840d4d8b820c4ad70a0af8982f0b1b4a3e083aeb6cf1904b4417bdaa7545a710e04fccafa9c471c3a289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
280b1138016d9b472ee65b4b5dbb27c1

SHA1
04289e6709229bdb4bada4ac7f88f180b259712e

SHA256
368ad486c07ea130baa09e34e82f07164ae62bf68e14c9b44c7bb5281f04dbfc

SHA512
6f79a35e08e788be97998965d535dde8d7db6bc8d6d9f77c984cb897ee5f9cdca6294cb776adaa92354adf679c32dc7bd0e5dcb1a1d4ee99b45c1882c838fe0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
5e311f126517bc554a294bd89e5a7555

SHA1
876a69891659c92e2e6c26958b17db9dc128c489

SHA256
6916b6ea605fa8dac2b9ed4463eccb983ae71487491184acb6d9596e93379fec

SHA512
27351dd440a5bc3a6d7f00f4645825b7f72c0d010a2542c8daac0e51dce4b9914b8ed25b3f3743ac7fc0f9f14bfb5474259e9133eafe7c2eb702baedee085d76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
174KB

MD5
4b034dcb5a28ed932562e216bde025e6

SHA1
2957328c692da7c064dc9e1e6f08af9a7782201c

SHA256
3d06e255a75d2097b01b2ea04332396357f976bdd02c92dca469a6581165c510

SHA512
19d6327f8daa07af8233ef44fab926fd2ffa09292763a2cea8706f200d74457dbf007831d52af4bef2a7044c2aa7aa348e5d99a4b75cb1d2464b51786f4b52dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
567f737327a5e3e4e5d2924d6ba77850

SHA1
63c17ca4b3516c230053f5a77312e27a3d18a839

SHA256
7e6c1d7c0a4f9b3be7f8e6658e4dc19b13c34a0f99145181e2d2f5fe22b4d14f

SHA512
898b8cd19505efd067110e37675665a68069b88f9a400c4d59eafe2a1430f09ba1305ae46fecaa24d25ab6099ea624998eb1f2ecc611f2e44d66756a5482e288

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
db8bd9af35ffb4da7fd16677d94b58e8

SHA1
cd908aa2d7245b9db6c758e29e9fd2e988d82ad1

SHA256
f77cc631bbefc778c2bf8afe1f07127d625eb5ba1ab7e708e09270e147b5b231

SHA512
a24cf427189d3f590773a257e4c4afce39237a149c6bb97774d64b7ab0c12a02c5b3204b61f73032cb37765bd6140bfae6ef94c5c57291a38759ee102c5dc041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57542b.TMP

Filesize
100KB

MD5
afa76c61600a0fbc29953a0d9dfd6101

SHA1
777ee447d9a8059c167f4a18b6d328f6416d3c7b

SHA256
978290c9fd6c75e7ff8a5e75746e27c01708192291b9de86e31fdfb76825beb2

SHA512
8b2336441323c2b93c448552a09c61ab99f7eb886b89f0d3c675814679d3c09eb688c2c6a1f696fc6c0af8707d1d70969820cd099e7501ee248ef543fbbd0d0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8E4B0C29\Panel\panel\assets\images\flags\re.png

Filesize
545B

MD5
c1cf1874c3305e5663547a48f6ad2d8c

SHA1
0f67f12d76a0543772a3259a3b38935381349e01

SHA256
79a39793efbf8217efbbc840e1b2041fe995363a5f12f0c01dd4d1462e5eb842

SHA512
c00e202e083f703e39cafbb86f3e3f6b330359906e3a6c7a6a78364d6adeb489f8b8ab1b2d6a1b8d9ef1a17702cfc8fc17219cf1aae3e5a7c18833f028037843

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zE8E4B0C29\Panel\panel\assets\images\flags\sj.png

Filesize
512B

MD5
559ce5baaee373db8da150a5066c1062

SHA1
ee80e5f63c986d04f46bff10f639113c88107ced

SHA256
f8dc302371c809ebda3e9183c606264601f8dd851d2b1878fd25f0f6abe2988c

SHA512
c0ca7595cdd2dcef0385ccb1c0d15bb74accaea63b9531233bddf14c1791ffc9712dff660292706cfa269a975d29d7a189885cd09046ac6d8ed39a57ec9557ca

Download Submit
C:\Users\Admin\Downloads\Mars Stealer v6.1.rar

Filesize
7.3MB

MD5
022edc2b90426455d459ab3904c978b2

SHA1
469de313638476141692ab81b6758698144ed3f9

SHA256
de319e8bbd09e72378baf00e2b6e664f1c75ca21f2a0e24782ec543857d23e23

SHA512
0bf8ca2e76ebd315a48a5674a70781e2f2ddd923004f88cfbeb1706cfac302639d8a9323c9135d987df4caf74ff7ef2614b35815fc4dbe618b648c5ed8aa7532

Download Submit
C:\Users\Admin\Downloads\Mars Stealer v6.1.rar.crdownload

Filesize
7.3MB

MD5
022edc2b90426455d459ab3904c978b2

SHA1
469de313638476141692ab81b6758698144ed3f9

SHA256
de319e8bbd09e72378baf00e2b6e664f1c75ca21f2a0e24782ec543857d23e23

SHA512
0bf8ca2e76ebd315a48a5674a70781e2f2ddd923004f88cfbeb1706cfac302639d8a9323c9135d987df4caf74ff7ef2614b35815fc4dbe618b648c5ed8aa7532

Download Submit
C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer6_cracked_by_LLCPPC.exe

Filesize
107KB

MD5
41c1fb2f4bd3c65cb0030b1f47a46084

SHA1
199420219f0096cfb156945a54933a03144da70d

SHA256
f335705b83540e68ddd17c68232c2f5ca67b0479cdc3ad8ff11931db6c134764

SHA512
93d4778a35b766b17824c62817421ac224027d6b699afde1281aaaedff7443d3d2c29d1ded98dc1dc318a67d51c2ad3f3b6df83b1c247da9e534f27ae7b0abfe

Download Submit
C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer6_cracked_by_LLCPPC.exe

Filesize
107KB

MD5
41c1fb2f4bd3c65cb0030b1f47a46084

SHA1
199420219f0096cfb156945a54933a03144da70d

SHA256
f335705b83540e68ddd17c68232c2f5ca67b0479cdc3ad8ff11931db6c134764

SHA512
93d4778a35b766b17824c62817421ac224027d6b699afde1281aaaedff7443d3d2c29d1ded98dc1dc318a67d51c2ad3f3b6df83b1c247da9e534f27ae7b0abfe

Download Submit
C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer6_cracked_by_LLCPPC.exe

Filesize
107KB

MD5
41c1fb2f4bd3c65cb0030b1f47a46084

SHA1
199420219f0096cfb156945a54933a03144da70d

SHA256
f335705b83540e68ddd17c68232c2f5ca67b0479cdc3ad8ff11931db6c134764

SHA512
93d4778a35b766b17824c62817421ac224027d6b699afde1281aaaedff7443d3d2c29d1ded98dc1dc318a67d51c2ad3f3b6df83b1c247da9e534f27ae7b0abfe

Download Submit
C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer_Menu.exe

Filesize
4KB

MD5
275d080e60231dd6400eac3a2d498ebb

SHA1
2218c7f02acaf83bede7b7d8f1442f0a9bd35da6

SHA256
84858a03a3138502f57a2ae5b206db65076b14bbcece3528e43fe439aacdcd22

SHA512
8debe29efdb7b2831c147404c6ce78395f4fdc9b95955a2d7da6a55514e149511ee9c36df63f63c8b053c3efc674422d4871e59db984564d05805bfda70e1dac

Download Submit
C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer_Menu.exe

Filesize
4KB

MD5
275d080e60231dd6400eac3a2d498ebb

SHA1
2218c7f02acaf83bede7b7d8f1442f0a9bd35da6

SHA256
84858a03a3138502f57a2ae5b206db65076b14bbcece3528e43fe439aacdcd22

SHA512
8debe29efdb7b2831c147404c6ce78395f4fdc9b95955a2d7da6a55514e149511ee9c36df63f63c8b053c3efc674422d4871e59db984564d05805bfda70e1dac

Download Submit
C:\Users\Admin\Downloads\Mars Stealer v6.1\LLCPPC_Builder\MarsStealer_Menu.exe

Filesize
4KB

MD5
275d080e60231dd6400eac3a2d498ebb

SHA1
2218c7f02acaf83bede7b7d8f1442f0a9bd35da6

SHA256
84858a03a3138502f57a2ae5b206db65076b14bbcece3528e43fe439aacdcd22

SHA512
8debe29efdb7b2831c147404c6ce78395f4fdc9b95955a2d7da6a55514e149511ee9c36df63f63c8b053c3efc674422d4871e59db984564d05805bfda70e1dac

Download Submit
C:\Users\Admin\Downloads\Mars Stealer v6.1\Mars Stealer v6.1.exe

Filesize
7.2MB

MD5
660276953e84a66a74df9e7fd292c037

SHA1
9c96a70d650233c50421e6ac3fd20a9bec512293

SHA256
f14bf6c7f21d651a0bf86dea3fae7d497d4e16cf3ab6028a5af5575d18cc63a8

SHA512
57ca2dfa304d35182563deb64a959a070cb9cad60232e097fb09bbd872c0fa276a9b2cbd5462fbd7c724d445b5901f24bb1bd0aff417e9783164734f207522be

Download Submit
memory/1688-1067-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/1688-1068-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3088-1070-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/3972-1064-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/3972-1065-0x0000000000400000-0x000000000042F000-memory.dmp

Filesize
188KB

Download
memory/4520-1060-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download
memory/4520-1061-0x0000000000400000-0x0000000000403000-memory.dmp

Filesize
12KB

Download