8ded9a82ff038ff7efdb0f26de3bf8c21a8b8864ea6af72321f27ac68a578a5b

Analysis

max time kernel
123s
max time network
162s
platform
windows10-1703_x64
resource
win10-20230703-en
resource tags

arch:x64arch:x86image:win10-20230703-enlocale:en-usos:windows10-1703-x64system
submitted
19/07/2023, 08:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

7.5 - @LOGS_CENTER #4.rar
Size

274.7MB
MD5

ad83c830f323b13471bfa1a49fa4e8da
SHA1

563949c3052df30ac32b3628356f07a5b8908c43
SHA256

8ded9a82ff038ff7efdb0f26de3bf8c21a8b8864ea6af72321f27ac68a578a5b
SHA512

8dcadcde4c98f1c79eb9d4300c3018d4aa530d7c7880c8495fdf92bb2bc89dfff5b47922f8750bac3885b1c8e70440b1d8d68e876268e6dc7a3a5a45c8f31f51
SSDEEP

6291456:thK+Rna2PLUSGDZApcvpCRD8wRnzd+xGrU8vLmaOH:PVEEjG9RBsmZULjOH

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\S:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Program crash 1 IoCs

pid	pid_target	Process	procid_target
1624	312	WerFault.exe	83

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions\Cached	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Software\Microsoft\Internet Explorer\LowRegistry	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000\Software\Microsoft\Internet Explorer\LowRegistry\Shell Extensions	PaintStudio.View.exe

Modifies data under HKEY_USERS 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 12 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CacheLimit = "1"	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CacheLimit = "51200"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Cookies	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History	PaintStudio.View.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings	PaintStudio.View.exe
Key created	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Extensible Cache	PaintStudio.View.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3229013990-3330391637-2814184332-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.mspaint_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	PaintStudio.View.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
312	PaintStudio.View.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
3728	mspaint.exe
3728	mspaint.exe
312	PaintStudio.View.exe
312	PaintStudio.View.exe
312	PaintStudio.View.exe
312	PaintStudio.View.exe
312	PaintStudio.View.exe
312	PaintStudio.View.exe
312	PaintStudio.View.exe
312	PaintStudio.View.exe
312	PaintStudio.View.exe
312	PaintStudio.View.exe
312	PaintStudio.View.exe
312	PaintStudio.View.exe
2992	chrome.exe
2992	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe

Suspicious use of AdjustPrivilegeToken 31 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4264	unregmp2.exe
Token: SeCreatePagefilePrivilege	4264	unregmp2.exe
Token: SeShutdownPrivilege	4908	wmplayer.exe
Token: SeCreatePagefilePrivilege	4908	wmplayer.exe
Token: SeDebugPrivilege	312	PaintStudio.View.exe
Token: SeDebugPrivilege	312	PaintStudio.View.exe
Token: SeDebugPrivilege	312	PaintStudio.View.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe
Token: SeShutdownPrivilege	2992	chrome.exe
Token: SeCreatePagefilePrivilege	2992	chrome.exe

Suspicious use of FindShellTrayWindow 28 IoCs

pid	Process
4908	wmplayer.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe
2992	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3728	mspaint.exe
312	PaintStudio.View.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2376 wrote to memory of 2532	2376	wmplayer.exe	72
PID 2376 wrote to memory of 2532	2376	wmplayer.exe	72
PID 2376 wrote to memory of 2532	2376	wmplayer.exe	72
PID 2376 wrote to memory of 2896	2376	wmplayer.exe	73
PID 2376 wrote to memory of 2896	2376	wmplayer.exe	73
PID 2376 wrote to memory of 2896	2376	wmplayer.exe	73
PID 2896 wrote to memory of 4264	2896	unregmp2.exe	74
PID 2896 wrote to memory of 4264	2896	unregmp2.exe	74
PID 2532 wrote to memory of 4908	2532	setup_wm.exe	75
PID 2532 wrote to memory of 4908	2532	setup_wm.exe	75
PID 2532 wrote to memory of 4908	2532	setup_wm.exe	75
PID 2992 wrote to memory of 3996	2992	chrome.exe	92
PID 2992 wrote to memory of 3996	2992	chrome.exe	92
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 4900	2992	chrome.exe	98
PID 2992 wrote to memory of 3268	2992	chrome.exe	94
PID 2992 wrote to memory of 3268	2992	chrome.exe	94
PID 2992 wrote to memory of 900	2992	chrome.exe	97
PID 2992 wrote to memory of 900	2992	chrome.exe	97
PID 2992 wrote to memory of 900	2992	chrome.exe	97
PID 2992 wrote to memory of 900	2992	chrome.exe	97
PID 2992 wrote to memory of 900	2992	chrome.exe	97
PID 2992 wrote to memory of 900	2992	chrome.exe	97
PID 2992 wrote to memory of 900	2992	chrome.exe	97
PID 2992 wrote to memory of 900	2992	chrome.exe	97
PID 2992 wrote to memory of 900	2992	chrome.exe	97
PID 2992 wrote to memory of 900	2992	chrome.exe	97
PID 2992 wrote to memory of 900	2992	chrome.exe	97

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\7.5 - @LOGS_CENTER #4.rar"
1⤵
PID:4448

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1⤵
- Suspicious use of WriteProcessMemory
PID:2376
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2532
- - C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Relaunch /Play C:\Users\Admin\Desktop\SyncGet.mpeg
    3⤵
    - Drops desktop.ini file(s)
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    PID:4908
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2896
- - C:\Windows\System32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4264

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localserviceandnoimpersonation -s upnphost
1⤵
- Drops file in Windows directory
PID:832

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Desktop\SetReset.jpg" /ForceBootstrapPaint3D
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3728

C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
"C:\Program Files\WindowsApps\Microsoft.MSPaint_1.1702.28017.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe" -ServerName:Microsoft.MSPaint.AppX437q68k2qc2asvaagas2prv9tjej6ja9.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:312
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 312 -s 4000
  2⤵
  - Program crash
  PID:1624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff9b4f09758,0x7ff9b4f09768,0x7ff9b4f09778
  2⤵
  PID:3996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1784 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:8
  2⤵
  PID:3268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2848 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:1
  2⤵
  PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2832 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:1
  2⤵
  PID:2232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2080 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:8
  2⤵
  PID:900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1600 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:2
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4392 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4560 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:8
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4696 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:8
  2⤵
  PID:3448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4540 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:1
  2⤵
  PID:3940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5204 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:8
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3688 --field-trial-handle=1500,i,598478243293179684,15768162598933783537,131072 /prefetch:1
  2⤵
  PID:2084

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2648

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
262b7f225eb3d64f49f174ed3ac8aa64

SHA1
c46d8f65a851bd5279fc79380b8f00eed0b55406

SHA256
a09f496b117e1fabb09ca69c8585c1417bf28f6874b03126535a17dac7962463

SHA512
3eafe25b8a33a36d10f87fcf4c850e45aaad5d9d7c32cdca0413b683aacd59e40a1a01ce10add59f84af078a2afb7f44eea25928590d4911d940c7d496d8f1bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
7ef7f33b71cf5f34363a12cdf809fda8

SHA1
c8fd8d4c112ac8baf7820079aea9e3621227ec4f

SHA256
bc060803937833af3df36987566fa6c8db6cfd89ae9077e2af58921c92455007

SHA512
de153c9f72952796cd3256e25103613a8fa3abaa86d4b13eb14dd5b18aa0c18d1dab92823d212e3856c7753a889b9e28b56dd0da27aa5db23b64e1b9685b494f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
906284eb1ef36649f0ed964442478de7

SHA1
f3191b9f6bcc4eb1382b5e8f577c4e6232100565

SHA256
4f1753d52bfa2991027c2ddfffce3c629397050968e66dc711503d83591edbce

SHA512
77dbdc274f5e866a8fd005108843100b246b8dc69d3a661a1faab00bb91c676af3bbf54aa32e95909b1f3811a483b4f01b279e36a4efb942a984bccf64e2ab26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
571c2eed5266579436b4912cbc7aaaed

SHA1
a83cd2001450998c94eb1a05e5c1675b85d6c27e

SHA256
abc0f525ef1298dec508737a6e7e3f3740805b2c548763bad9cb40aaeb55f3e1

SHA512
896df0fdc4e718b4ae7a00d1894d5f4fb517566642e367af7f556cef4e53d76f10053877163228ff5bc2ad78721195dbf43286cb47544d3dbb2eb3cc31ca3deb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
bab1bd3c6d1cdc141f18f80c0a9e002d

SHA1
c49a051d4e0f291ccacabe10484590ba9a9586d0

SHA256
790970c0fb55bf552b3ea9424de39ec70ab78dcce86bf6187ffb1bb326277094

SHA512
57856f92102d0cf91c395780e628b534831750fa62cfc2c7d3960ace7773ca4ff5597497a515ca1849e531d053bed5377305e60e9a076b5db6e60319bbfd0db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
6f7dcd6a364a37481aefff591a8243e7

SHA1
669b696481a01de28ce22d79cf573e4550911f77

SHA256
ad28b1e94fa931111c63784eff3385e26a90f55827388603ace8c9977548c7b4

SHA512
2905774475dfb35dc3b63368f5255eae9513aeffa40dbfebfaf4ed533121d555c15341bcbdd8a7806f588efd94932a661c324cc1a91a1955c8b8ed5acedcd158

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
557172282356ccf5f41be3e2e8df964b

SHA1
6d59f78724058d6a8d973496c8452ea735ff69f3

SHA256
76c0f71f461027eecb2f3512d191dbc8f434007c7c513c413db543bae2de2151

SHA512
5781f1967a54e0fd85fc81d7bdd8bcac734f16a68ee4d4b8ebabecf2857f71975e73db41186ef59df85a68540f3accab3f6ed0476b5979534c7f696178a4f5a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
64KB

MD5
98df921f667bf303621c789390ed9f2e

SHA1
d9c82e51534cf1c2eb5a255286de6a09ca364d1a

SHA256
8b8497d37fa9ddd44e275aa7631d7c7173c384a501d11e73e3d4401513c4bbe3

SHA512
58e896295763c2729c5a19986356e7cc7706265bbda5cd9cec98201ec9ce86c4b68a3e388c86aba198870ca4b8ab1a7876f2d8e1fff7437216dd2789b3ed3796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
db768e865df4d433636ea1cfdaa2ca82

SHA1
ce2e13a04a5dc3ba99d49a0d55f481545274de6e

SHA256
87340b742128d2f260dadbeef59c78c8af70125ca70445c4210876c0e24afece

SHA512
34d3a81587271086385cd24382ca9e309c482bc2676e69f35bbcd0e3cce2b206de2e0b0d242cc3b622f65dc4c8a05c61a18329dfbb955e7234fdc495696747da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
256d146f3c1918cad1d594b1666a4168

SHA1
752f0d64d507dca46f3fc17b5329e002280af937

SHA256
9b5e15a4c9c9ba88e6ea4f091af4d106d964936244e524efb0c7f0ef869c29c6

SHA512
5ffcd903a4b142a8e246b16874bd7a75f6255f55802141d2109adb51fc7c39222ad10b155900e3401eed60c169f10a9919e94f6686a8654593910ab0485adaf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\Projects\Projects.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MSPaint_8wekyb3d8bbwe\LocalState\cloudCommunitySettings.json

Filesize
2KB

MD5
404a3ec24e3ebf45be65e77f75990825

SHA1
1e05647cf0a74cedfdeabfa3e8ee33b919780a61

SHA256
cc45905af3aaa62601a69c748a06a2fa48eca3b28d44d8ec18764a7e8e4c3da2

SHA512
a55382b72267375821b0a229d3529ed54cef0f295f550d1e95661bafccec606aa1cd72e059d37d78e7d2927ae72e2919941251d233152f5eeb32ffdfc96023e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp22484.WMC\allservices.xml

Filesize
546B

MD5
df03e65b8e082f24dab09c57bc9c6241

SHA1
6b0dacbf38744c9a381830e6a5dc4c71bd7cedbf

SHA256
155b9c588061c71832af329fafa5678835d9153b8fbb7592195ae953d0c455ba

SHA512
ef1cc8d27fbc5da5daab854c933d3914b84ee539d4d2f0126dc1a04a830c5599e39a923c80257653638b1b99b0073a7174cc164be5887181730883c752ba2f99

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmp23859.WMC\serviceinfo.xml

Filesize
523B

MD5
d58da90d6dc51f97cb84dfbffe2b2300

SHA1
5f86b06b992a3146cb698a99932ead57a5ec4666

SHA256
93acdb79543d9248ca3fca661f3ac287e6004e4b3dafd79d4c4070794ffbf2ad

SHA512
7f1e95e5aa4c8a0e4c967135c78f22f4505f2a48bbc619924d0096bf4a94d469389b9e8488c12edacfba819517b8376546687d1145660ad1f49d8c20a744e636

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
08f66617ed5eea8b3507dea6e0f4c99a

SHA1
872cfc13ce31712c6acaade9b1ede9ea19a1231a

SHA256
87a807437608870cf8192ce2da7b13ce057477dd07f7c5d9390f2cb5abc9d862

SHA512
ba05b85e26a04c13c05ea4f790346452698c7dbf334a86b57fa302c68cfbe1db4fd4524653f17d4b30316722db32c5608b4f1d43c9886f6fc3480ebb7cc85492

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
3KB

MD5
cb1d20dca36b755dcf0c270136afdf78

SHA1
1d4db13324f297abac417b81d638d629755cc42e

SHA256
cb31fd0bd43ecacdf1609214dcd55d11234f1705bf7d8aaee1f095b9a9690440

SHA512
d192b81693c5d30c780e67b62deaa6717044dd6c242a9236f73f7c8386820177a12c084223c7dfc33f384c5f6007097ea61963d5b93d552b5572ebff2bf56285

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\74d7f43c1561fc1e.customDestinations-ms

Filesize
1KB

MD5
a552a9ea297412a35b443af7f689cdee

SHA1
6938314f14ed99d390d37efe281dc115c5aa427b

SHA256
f21196a3356a4f155ffb7bbb34ce315ebaf918230638d62288a09d33a3d494ea

SHA512
b157c1e647a48047e6aee63e1993df44ae32b1ecc183127fd24cdd5e45e3f8368279ac987eb0b8ee22a0983d8feb1d7432ae9caacb6d81f0c4d3c512e55fe9b5

Download Submit
memory/4908-233-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download
memory/4908-247-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-188-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-189-0x00000000087B0000-0x00000000087C0000-memory.dmp

Filesize
64KB

Download
memory/4908-190-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-192-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-193-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-196-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-198-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-199-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-200-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-201-0x000000000AF90000-0x000000000AFA0000-memory.dmp

Filesize
64KB

Download
memory/4908-197-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-194-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-202-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-203-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-204-0x000000000AF90000-0x000000000AFA0000-memory.dmp

Filesize
64KB

Download
memory/4908-205-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-207-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-209-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-211-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-213-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-214-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-215-0x000000000AF90000-0x000000000AFA0000-memory.dmp

Filesize
64KB

Download
memory/4908-217-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-216-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-218-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-219-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-220-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-222-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-224-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-223-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-221-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-226-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-228-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-229-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-227-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-231-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download
memory/4908-186-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-232-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download
memory/4908-235-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download
memory/4908-236-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download
memory/4908-237-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-239-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-238-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-240-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-241-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-244-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-245-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-187-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-248-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-246-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-243-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-249-0x0000000007AD0000-0x0000000007AE0000-memory.dmp

Filesize
64KB

Download
memory/4908-250-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-252-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-254-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-259-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-258-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-260-0x00000000087D0000-0x00000000087E0000-memory.dmp

Filesize
64KB

Download
memory/4908-256-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-255-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-253-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-261-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-262-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-263-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-265-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-269-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-267-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-272-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-271-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-273-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-275-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-276-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-277-0x00000000087D0000-0x00000000087E0000-memory.dmp

Filesize
64KB

Download
memory/4908-278-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-279-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-280-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-282-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-281-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-284-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-286-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-182-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-285-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-287-0x0000000008770000-0x0000000008780000-memory.dmp

Filesize
64KB

Download
memory/4908-311-0x00000000087B0000-0x00000000087C0000-memory.dmp

Filesize
64KB

Download
memory/4908-312-0x00000000087D0000-0x00000000087E0000-memory.dmp

Filesize
64KB

Download
memory/4908-185-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-183-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-181-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-180-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-179-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-178-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-177-0x00000000084B0000-0x00000000084C0000-memory.dmp

Filesize
64KB

Download
memory/4908-176-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download
memory/4908-175-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download
memory/4908-172-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download
memory/4908-171-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download
memory/4908-170-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download
memory/4908-169-0x0000000007BA0000-0x0000000007BB0000-memory.dmp

Filesize
64KB

Download