5920ce29a0429c40ba97fcf59ebbf77d87296d22e769cd4720d0b4d34963057c

Analysis

max time kernel
1801s
max time network
1803s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
08/08/2023, 15:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

111111.txt
Size

546B
MD5

d4667a61452845f6dab7acf2279fd0ea
SHA1

ba1a35c9504828fde90bc250f5a05b5895830d9d
SHA256

5920ce29a0429c40ba97fcf59ebbf77d87296d22e769cd4720d0b4d34963057c
SHA512

3555aa8207fad9569735051415f74e6d76e71be70f6962ff1f935a551cd7a9ddd7a42e8e2bb856d62bad3bc2de7ee8cf22c19db4a471f46d4b829a51c3933c03

Score

8^/10

Malware Config

Signatures

Blocklisted process makes network request 64 IoCs

flow	pid	Process
92	3712	powershell.exe
97	2828	powershell.exe
99	2828	powershell.exe
100	2828	powershell.exe
101	2828	powershell.exe
102	2828	powershell.exe
104	2828	powershell.exe
105	2828	powershell.exe
106	2828	powershell.exe
107	2828	powershell.exe
108	2828	powershell.exe
109	2828	powershell.exe
110	2828	powershell.exe
111	2828	powershell.exe
112	2828	powershell.exe
113	2828	powershell.exe
114	2828	powershell.exe
115	2828	powershell.exe
116	2828	powershell.exe
117	2828	powershell.exe
118	2828	powershell.exe
119	2828	powershell.exe
120	2828	powershell.exe
121	2828	powershell.exe
123	2828	powershell.exe
124	2828	powershell.exe
125	2828	powershell.exe
126	2828	powershell.exe
127	2828	powershell.exe
129	2828	powershell.exe
130	2828	powershell.exe
131	2828	powershell.exe
132	2828	powershell.exe
133	2828	powershell.exe
134	2828	powershell.exe
135	2828	powershell.exe
136	2828	powershell.exe
137	2828	powershell.exe
138	2828	powershell.exe
139	2828	powershell.exe
140	2828	powershell.exe
141	2828	powershell.exe
142	2828	powershell.exe
143	2828	powershell.exe
144	2828	powershell.exe
145	2828	powershell.exe
146	2828	powershell.exe
148	2828	powershell.exe
149	2828	powershell.exe
150	2828	powershell.exe
151	2828	powershell.exe
152	2828	powershell.exe
154	2828	powershell.exe
155	2828	powershell.exe
156	2828	powershell.exe
157	2828	powershell.exe
158	2828	powershell.exe
159	2828	powershell.exe
160	2828	powershell.exe
161	2828	powershell.exe
162	2828	powershell.exe
163	2828	powershell.exe
164	2828	powershell.exe
165	2828	powershell.exe

Downloads MZ/PE file

Drops file in System32 directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\taskschd.msc	mmc.exe
File opened for modification	C:\Windows\system32\eventvwr.msc	mmc.exe

Enumerates processes with tasklist 1 TTPs 1 IoCs

Process Discovery

T1057

pid	Process
3516	tasklist.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133359833836155963"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1498570331-2313266200-788959944-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4428	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
3712	powershell.exe
3712	powershell.exe
3712	powershell.exe
1844	chrome.exe
1844	chrome.exe
2828	powershell.exe
2828	powershell.exe
3988	powershell.exe
3988	powershell.exe
396	powershell.exe
396	powershell.exe
396	powershell.exe
5112	powershell.exe
5112	powershell.exe
5112	powershell.exe
4856	powershell.exe
4856	powershell.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4056	mmc.exe
2248	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 5 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4056	mmc.exe
4056	mmc.exe
2248	mmc.exe
2248	mmc.exe
2248	mmc.exe
2248	mmc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2100 wrote to memory of 3796	2100	chrome.exe	85
PID 2100 wrote to memory of 3796	2100	chrome.exe	85
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 4144	2100	chrome.exe	87
PID 2100 wrote to memory of 1960	2100	chrome.exe	88
PID 2100 wrote to memory of 1960	2100	chrome.exe	88
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89
PID 2100 wrote to memory of 5024	2100	chrome.exe	89

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\111111.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0x9c,0x128,0x7ffc45889758,0x7ffc45889768,0x7ffc45889778
  2⤵
  PID:3796
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1708 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:2
  2⤵
  PID:4144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:8
  2⤵
  PID:1960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2280 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:8
  2⤵
  PID:5024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3008 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3000 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:1
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4812 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4924 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:8
  2⤵
  PID:1120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:8
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4900 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:1
  2⤵
  PID:1076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:8
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=960 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4684 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:1
  2⤵
  PID:948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3740 --field-trial-handle=1876,i,9521038762366873445,6991761721354388965,131072 /prefetch:8
  2⤵
  PID:1572

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1520

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1128

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Blocklisted process makes network request
- Suspicious behavior: EnumeratesProcesses
PID:3712
- C:\Windows\system32\print.exe
  "C:\Windows\system32\print.exe" c
  2⤵
  PID:1868
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
  2⤵
  - Blocklisted process makes network request
  - Suspicious behavior: EnumeratesProcesses
  PID:2828
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -wi hi
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3988

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\taskschd.msc" /s
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4056

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\system32\eventvwr.msc" /s
1⤵
- Drops file in System32 directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2248

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:396
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Version 5.1 -s -NoLogo -NoProfile
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4856
- C:\Windows\system32\tasklist.exe
  "C:\Windows\system32\tasklist.exe"
  2⤵
  - Enumerates processes with tasklist
  PID:3516

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Process Discovery

T1057

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
312B

MD5
3a8f08d1d1c3c84a187a9e861a25ea1a

SHA1
3f26fcc6035fb6a685ec4901021606ec8a2e74ee

SHA256
4e1526166f66bb86663db75949349a89732b60e2385986284cf9fccbf689acb2

SHA512
94f04498aad5dd5d595996f749781a65a86c5cfede5bc47c2185e1d4740c522443e59afd21c692c6c17cca07f8a0015306d4202691f314c66e8a0d55b2a4d490

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
f530dd0e521189c0df87dce7e20986bb

SHA1
e8da184ec78e4d2156aad4ed986f682fc13fb186

SHA256
6c4491b61f96ba152991488fad08bffac168f8cbf245852509e8e1edfdc7e392

SHA512
3e9bef28f2f68c0eb40a33a6bb92dbff3590e48d5aaf8865ca2afcc088ce394109d12a6b752d477090d9667fc12c3504439fec3c240e24f6dd1aa2cfebbcce93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
dcf43575305d3966eb7ce0b317d63398

SHA1
0fde700ceb4850971e21ecabd4794776a2b04b84

SHA256
6d85aaa9e45be0047a4978d5392019fffc18348c0a926cd7a7350a272a612d36

SHA512
b806a8146714a5627feb20efd6b9ec6f020519b78db6eb406d44137c4224f805eabfd0423add8a78cf427886320cb98239fcf741bcb0b6040376042d06a68a36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1fe480db09c1a4f0ce9481c93041efd4

SHA1
a3f66bbaed77bb1734f16e7482f8d60acddcfd0e

SHA256
640cdfe19de1733cdb7833e4f2334cecebb8fd87c76e7a6ba18f9b298a4369ec

SHA512
3891892b37d0e04dd372032a89361c1c2063cc508328ba4334a2d55098d119088eee44707fa08ed607b5c2c32e7256ba6d7560241e9b98a5161fbc56cffe531a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1014B

MD5
5253f44362742a45fedab0e9388d03fd

SHA1
e415649d5baa2d714267c0de0e335f2f47873e76

SHA256
b4cf9f9084a4f615f4190305c0d272f4bcfe43c5503c775dab6dd6c70f3062b8

SHA512
c3c4a073787703996f5638ae0c138a2cc9ff0e5f4d58f2314c616569efa80f19601c456fce3f3ce5ce17f3c71971c93dc0ed4daf8299be77e21690874f06d034

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
538B

MD5
6efc3724d68224a44d296f2d61d01a6c

SHA1
fa87871d6fa58c139b80388f16ccf8eb6a378846

SHA256
66d65704cfb272e694b78c0607c14af4c25d20ebf06dc4f63ccf6c5562e2c95a

SHA512
04e6fc826a7f1981912db4eb02e49504b2298a3f57a56d79bda2081d575750b9c5c65bad9d65cad51e14c13c949415843ed2838707988fcaa343fc17e692d798

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
405a9429bc7623c1a90ba3738bf8cfa8

SHA1
de6cefe3176758787d30bbd3a4a5d1dc104fd91d

SHA256
d76ca6221f180bd9ac1a4df06abfdcfc2b1a5910fdbc1062b4f2e80c113be24d

SHA512
432dffb37c8d2dbd5537fd865e5742032077e362098135abd1583ee0fc11ab7a707292861b17a19ffbd66ddfe72a29f664c9116e4140c9a081a5c6fcdb490442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ddfbae8e1fe27cdd5b53bb5aaa5f4721

SHA1
57103dbb429a5f7d47faae0b9974040024e768fe

SHA256
a5143dd16d29bde2c106b66fb0be6a9427b04d3bb8e080e6ad0b0d31c9ca3fdc

SHA512
32efbc35baac6e0bdd4f31b887ebcd69d8fc53a885ccef149a7d969b3133c2b3b289e321edecfdd3127cc8b19d8f0e8c13f9ad620ebac1931f980ad158dfb5ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
e6508837efc036c93acfc9a0b23ae869

SHA1
f8f1c025b2f0c1758611fa6a69cd1643533d23e4

SHA256
0a3ed75a392f0178edef98f8a0d7a862a3bdee87fef9d6ddbd9ef773531bda84

SHA512
19525968570c3ce0d5f49c60d297d499e1fb0c21ecdd0aa9725ba2e40271675c1626fd65641cd2842105fad88e9d0963ea3aaef474dbc0f58685aa6240d05cfc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
4c6dfefeb1ff6469d056281cdb842622

SHA1
17605d4023703485581fbd5c620ec1c2a57c3bc5

SHA256
91a7e0a609472d527a8a16a937975d9397c2ce02286e137dbc9bd6d3a03a6a4f

SHA512
b107ed00a128ac3baf7c5c8f6a19b51e99e49f70ef7dcdf8fc32b92c8ea000d6c755042faac371794365b4ae4c557187a479a4b189f77b971c692467756bfa6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
8e35ac9bdc5c9388baca7be6b96ad663

SHA1
274155fdce2ec06b3ec2ef05930135d51f97a2bb

SHA256
ce65f462d1700cbb8f671fe70ce590730e50c25b4fb92b47fe3927993f15d89a

SHA512
a85443ab9326864e884905fd7e18f7b3d76e237979270b1fd0febdfbbf517da0a51d082db9e1ae7261a3b35ad12b9c119c9ddccb64f933930e53c562c64fea2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3943b69cfd7eb5552067c72ee730530e

SHA1
abbe0f136c345d234aae4519326d677a1988fa4a

SHA256
8233e0481c16811f5d4ed926ccb69c13e46f4d61c26e29cf60d31f18b8b7ab10

SHA512
12ba34dcb9a439def3a8ebe3b521fd0eedf80046dcfe484bcf5cb6a9a78bb563a205288cb1b1668be3a435e95cc851227e49e605bd4174c5e288b4954bfc3b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
be09c646f9cc8dbaf766689e1cf7f603

SHA1
bbc23ceb83f7d2dd67df2ce5df8c96f25aa88900

SHA256
23e4b5d822e871cbd8693126c5c9db62821957f76e2e000cc1f4ed51959b8853

SHA512
cafd88f425d5d88a30b19c70c8bac45a2a9dfbe4a14296e81b40cde056e21c44b0e0d1aa5517a09f0f4801dbd7ed73831b254a786329cc0bc220f07a91810485

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
177KB

MD5
235fce7d674d40a6001b6caf2c8f8b65

SHA1
5c1bb3f4d73655f1c9494c6df4124f420cd93744

SHA256
78ae5d4badb5bfe5cc074f157433ff62422edc971aa053a2608444a3feaa5ca1

SHA512
e03c9a70084d96dd1e74d2dde258758f861170010a293a8bfb41ca13542e74c4ac7a3216b7ea5e04252f614c34da56c4cbf0fccab926eecf101508c2f733a1a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
70eecde0e36d78aba4e89b10bd5edaa0

SHA1
6ecdcda10ee9eef21545f629af439991cf439daa

SHA256
4fa42f25e36a1f8358c67507c1743954e12d83c5772cbb86240299253f81efb8

SHA512
e727772eb5b4f6b1b93edec50cde3be6c9c2396d680ad693a6c0e2e087bbc048eb318c4bd9eeacbaf8bc327abc525358cfca3d837552dccc5d48aae29f188842

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe679b58.TMP

Filesize
107KB

MD5
a67ff00fda564832b8a6ef164c0c9cd3

SHA1
990029e7f56d8262f7bb86ffeb8ce481470ed505

SHA256
06e4f8b26edeb8fc3e2f65902f96987ae9a435bcfc9cb50ea9b20aa523b0a1cf

SHA512
a2268b2102464468d0a3480a2ce2a081415cf4a80da1bfe002154f9a56fd4c9742018aaa9c471afecfd262c7c03601b84accc4657592ad0c938661037a5c46cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\mmc.exe.log

Filesize
2KB

MD5
48a42989e3f44db40ac35be1c9a9e733

SHA1
5e66d1d0c0e696b4c77bdfbf6ba0abdda0f67962

SHA256
d59b502d40f5a9b923bd8e1bc17ae4a2af83c1648fcbf687dfbe9219b16780e6

SHA512
fecf31f81aff66036f509b298d4c8bd6effecaaf1c1f42adb1ce3bd791279c141b87d8846e316246f462df4abf35942706fb82b736739494043e1636da8aa404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache

Filesize
54KB

MD5
5f612d9087b8bcadb4002e6b026990e8

SHA1
b5f343e569abb0849c06e3d77d00cc1bd2d5f589

SHA256
838be164025509d2c4dd005aabf7bbca522b703e931d9c21fb287b5f06178450

SHA512
d5e3e0eeb9b4d3f7ceeba19bc83669258d77d6f973e90049d8cb2796e3f0f6502209e1863ba0a0c7d69b1cc3c0a43e74b9efd0557854ac349f3ffc51d6ea1c59

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_redjaqdc.uy0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\PowerShell\PSReadLine\ConsoleHost_history.txt

Filesize
648B

MD5
9a33a82f69f44a61585c83b579fc548f

SHA1
0cae7c41fea0ed57f7b766d69efe3bbfeb13c43b

SHA256
7e0e5d39b803020fbf6814baeb989555114417e57938692fd69d094bd48dcc94

SHA512
25e57c130a63274f35aad81b74fb532183bb44b26641040f937c0196bc08a8e86476534d9e7dd591077b01d98f5e7c27430bb183622be17638b26b8d9be4b1d7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
5KB

MD5
722a7ae622cb3ffafef8c41aa9060c9c

SHA1
020df2770b308b5aa48bd31064b298605469adfd

SHA256
ffdbb787503a402e7ac7ad123639b57bda6a027999f9e10570597f61bb81f839

SHA512
41a511b7a8fe03ea28a51f55f561fcb311def1c65cc39755bb64b5e24d9db51ff1d1e843dec7d62f8df898b75a8e1e4c23fad533507254f12be4f23084b10e67

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
5KB

MD5
09a18ceedfc3b8ee2b538c3fcf1bf6d6

SHA1
c44d18d5308a8ac8c8002b29b93848e504e3a0b9

SHA256
bacb1b364a89627aa7e43a0166b73539c3b87565517cea91e707da4bfe06ce83

SHA512
2cbbb9fb76100460d07eec2e7efe475d36afa775ae609f7d3949076b56a7b1763cac3f2f8ab74575925bdf8602bf77b329b0c6cb79aed9d361b1677d12f60d3b

Download Submit
memory/396-376-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/396-374-0x0000028BDAB10000-0x0000028BDAB20000-memory.dmp

Filesize
64KB

Download
memory/396-373-0x0000028BDAB10000-0x0000028BDAB20000-memory.dmp

Filesize
64KB

Download
memory/396-372-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/396-377-0x0000028BDAB10000-0x0000028BDAB20000-memory.dmp

Filesize
64KB

Download
memory/2248-336-0x000000001D210000-0x000000001D220000-memory.dmp

Filesize
64KB

Download
memory/2248-333-0x000000001D210000-0x000000001D220000-memory.dmp

Filesize
64KB

Download
memory/2248-338-0x000000001D210000-0x000000001D220000-memory.dmp

Filesize
64KB

Download
memory/2248-335-0x00007FF42F5D0000-0x00007FF42F5E0000-memory.dmp

Filesize
64KB

Download
memory/2248-339-0x0000000020620000-0x0000000020B48000-memory.dmp

Filesize
5.2MB

Download
memory/2248-342-0x0000000021FA0000-0x0000000022052000-memory.dmp

Filesize
712KB

Download
memory/2248-334-0x000000001D210000-0x000000001D220000-memory.dmp

Filesize
64KB

Download
memory/2248-337-0x000000001D210000-0x000000001D220000-memory.dmp

Filesize
64KB

Download
memory/2248-332-0x000000001D210000-0x000000001D220000-memory.dmp

Filesize
64KB

Download
memory/2248-331-0x000000001D210000-0x000000001D220000-memory.dmp

Filesize
64KB

Download
memory/2248-330-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/2248-329-0x000000001D210000-0x000000001D220000-memory.dmp

Filesize
64KB

Download
memory/2248-328-0x00007FF42F5D0000-0x00007FF42F5E0000-memory.dmp

Filesize
64KB

Download
memory/2248-327-0x000000001D210000-0x000000001D220000-memory.dmp

Filesize
64KB

Download
memory/2248-326-0x000000001D210000-0x000000001D220000-memory.dmp

Filesize
64KB

Download
memory/2248-325-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/2828-269-0x0000015D63060000-0x0000015D63070000-memory.dmp

Filesize
64KB

Download
memory/2828-268-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/2828-283-0x0000015D63060000-0x0000015D63070000-memory.dmp

Filesize
64KB

Download
memory/2828-282-0x0000015D63060000-0x0000015D63070000-memory.dmp

Filesize
64KB

Download
memory/2828-281-0x0000015D63060000-0x0000015D63070000-memory.dmp

Filesize
64KB

Download
memory/2828-280-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/2828-279-0x0000015D63060000-0x0000015D63070000-memory.dmp

Filesize
64KB

Download
memory/3712-245-0x0000024C4B500000-0x0000024C4B510000-memory.dmp

Filesize
64KB

Download
memory/3712-248-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/3712-249-0x0000024C4B500000-0x0000024C4B510000-memory.dmp

Filesize
64KB

Download
memory/3712-250-0x0000024C4B500000-0x0000024C4B510000-memory.dmp

Filesize
64KB

Download
memory/3712-266-0x0000024C4C170000-0x0000024C4C2E6000-memory.dmp

Filesize
1.5MB

Download
memory/3712-267-0x0000024C4C500000-0x0000024C4C70A000-memory.dmp

Filesize
2.0MB

Download
memory/3712-247-0x0000024C4BA70000-0x0000024C4BAE6000-memory.dmp

Filesize
472KB

Download
memory/3712-246-0x0000024C4B9A0000-0x0000024C4B9E4000-memory.dmp

Filesize
272KB

Download
memory/3712-287-0x0000024C4B500000-0x0000024C4B510000-memory.dmp

Filesize
64KB

Download
memory/3712-244-0x0000024C4B500000-0x0000024C4B510000-memory.dmp

Filesize
64KB

Download
memory/3712-243-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/3712-233-0x0000024C4B460000-0x0000024C4B482000-memory.dmp

Filesize
136KB

Download
memory/3712-286-0x0000024C4B500000-0x0000024C4B510000-memory.dmp

Filesize
64KB

Download
memory/3988-291-0x000002156F1C0000-0x000002156F1D0000-memory.dmp

Filesize
64KB

Download
memory/3988-304-0x000002156F1C0000-0x000002156F1D0000-memory.dmp

Filesize
64KB

Download
memory/3988-290-0x000002156F1C0000-0x000002156F1D0000-memory.dmp

Filesize
64KB

Download
memory/3988-289-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/3988-303-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/4056-310-0x000000001D2B0000-0x000000001D2C0000-memory.dmp

Filesize
64KB

Download
memory/4056-319-0x000000001D2B0000-0x000000001D2C0000-memory.dmp

Filesize
64KB

Download
memory/4056-306-0x000000001D2B0000-0x000000001D2C0000-memory.dmp

Filesize
64KB

Download
memory/4056-307-0x000000001D2B0000-0x000000001D2C0000-memory.dmp

Filesize
64KB

Download
memory/4056-308-0x000000001D2B0000-0x000000001D2C0000-memory.dmp

Filesize
64KB

Download
memory/4056-309-0x00007FF42D140000-0x00007FF42D150000-memory.dmp

Filesize
64KB

Download
memory/4056-314-0x000000001D2B0000-0x000000001D2C0000-memory.dmp

Filesize
64KB

Download
memory/4056-311-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/4056-312-0x000000001F260000-0x000000001F360000-memory.dmp

Filesize
1024KB

Download
memory/4056-315-0x000000001D2B0000-0x000000001D2C0000-memory.dmp

Filesize
64KB

Download
memory/4056-313-0x000000001D2B0000-0x000000001D2C0000-memory.dmp

Filesize
64KB

Download
memory/4056-323-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/4056-320-0x000000001F260000-0x000000001F360000-memory.dmp

Filesize
1024KB

Download
memory/4056-305-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download
memory/4056-318-0x00007FF42D140000-0x00007FF42D150000-memory.dmp

Filesize
64KB

Download
memory/4056-317-0x000000001D2B0000-0x000000001D2C0000-memory.dmp

Filesize
64KB

Download
memory/4056-316-0x000000001D2B0000-0x000000001D2C0000-memory.dmp

Filesize
64KB

Download
memory/5112-381-0x00007FFC31770000-0x00007FFC32231000-memory.dmp

Filesize
10.8MB

Download