7b0d98f84abafdd8468c6bf535efe6089cd438782641da3e4a823f399aaf4f0e

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20231222-en
resource tags

arch:x64arch:x86image:win11-20231222-enlocale:en-usos:windows11-21h2-x64system
submitted
04/02/2024, 10:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Screenshot 2023-12-23 100219.png
Size

557KB
MD5

6b1e21e07588887f92a9c7d3cbf385b7
SHA1

09aafa42d80ee5e60e23e3dbc94fc196a5b87371
SHA256

7b0d98f84abafdd8468c6bf535efe6089cd438782641da3e4a823f399aaf4f0e
SHA512

aad0cba15a05f89659030d12fc2aeba1760c2974ff9df765895e530ec10edde0b1141c3a3d69632dd85fb4f93cdcb7f3c2f1eb48b7670400219324da22dd8ee3
SSDEEP

12288:Xrbbt3kPdrq22IYD/NQRAuIKCp00ywx8ZgSdtDV:XBkPNqXD/NQRpR0ywx8OY

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
2392	Virus Maker.exe

Uses the VBS compiler for execution 1 TTPs

Scripting
T1064
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133515170719139656"	chrome.exe

Modifies registry class 35 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	Virus Maker.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	Virus Maker.exe
Key created	\Registry\User\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\NotificationData	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e80922b16d365937a46956b92703aca08af0000	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	Virus Maker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616257"	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	Virus Maker.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	Virus Maker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Documents"	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	Virus Maker.exe
Key created	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	Virus Maker.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1184116928-951304463-2249875399-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	Virus Maker.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
3316	chrome.exe
3316	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4848	7zFM.exe
2392	Virus Maker.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeRestorePrivilege	4848	7zFM.exe
Token: 35	4848	7zFM.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe
Token: SeShutdownPrivilege	1696	chrome.exe
Token: SeCreatePagefilePrivilege	1696	chrome.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
4848	7zFM.exe
4848	7zFM.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe
1696	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
2392	Virus Maker.exe
2392	Virus Maker.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1696 wrote to memory of 2788	1696	chrome.exe	83
PID 1696 wrote to memory of 2788	1696	chrome.exe	83
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 2804	1696	chrome.exe	85
PID 1696 wrote to memory of 4552	1696	chrome.exe	86
PID 1696 wrote to memory of 4552	1696	chrome.exe	86
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89
PID 1696 wrote to memory of 1716	1696	chrome.exe	89

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Screenshot 2023-12-23 100219.png"
1⤵
PID:4116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffdc1799758,0x7ffdc1799768,0x7ffdc1799778
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1704 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:2
  2⤵
  PID:2804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3136 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3108 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:8
  2⤵
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4532 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4656 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:8
  2⤵
  PID:2640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4692 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:8
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4832 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:8
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4908 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4872 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4756 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4904 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5352 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:1
  2⤵
  PID:3892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4564 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5448 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:8
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5640 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\Virus Maker.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4848
- - C:\Users\Admin\AppData\Local\Temp\7zO0F27D128\Virus Maker.exe
    "C:\Users\Admin\AppData\Local\Temp\7zO0F27D128\Virus Maker.exe"
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:2392
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe" /noconfig @"C:\Users\Admin\AppData\Local\Temp\kyh1ihlu\kyh1ihlu.cmdline"
      4⤵
      PID:3908
    - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES8294.tmp" "C:\Users\Admin\AppData\Local\Temp\vbc19DF9AEBA994386954C1EA85F36312B.TMP"
        5⤵
        
        PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3900 --field-trial-handle=1856,i,14679180549068971920,18111722351798930212,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3316

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1444

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scripting

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

T1064

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
552B

MD5
bc6b2c9aa4e20d543d54c30b42aa906c

SHA1
1a09cdfc4d8dfd74f5bfd41cedbac8fec2f17a49

SHA256
e8d258a86c2a27c417747ce6b3c878709e9b1a87c347e43b82f32a95fdc0e413

SHA512
830b2246e953c18a6ccd186732d6c9e1a9bdc795f3df2d81bedc3a285515eb254ed1e6e8f25c39258431d9e9ea162665ef6e6f2e50e3b10d0aeec7897f02eb07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
42853bd269497375c6dc649d955fe5d5

SHA1
1cf73fe04050a75b989dff06ad12887410f4fd43

SHA256
29cfc87190ccf9259b82d52c391f5cdc6b5c7f554ae11ca9ccce14f1701db8a5

SHA512
7adda99473f1502e05f700a1b2f1c67940429d074d148fad265fdf4cccce7951f5e91e84c7f2a289d24cec3e5207e4f6f8e2591b1473c7df486b1dccbb7bb9b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
700B

MD5
b8603ee7c9698009745fd6eca49f7ad9

SHA1
09bbdbcc90f4fcee3bec2ee64a1ee29b8787f44a

SHA256
b1f84967dfa77ebcccfe69b88134e95e7cbd4fb94dc73cb200aa8e6afc8f4761

SHA512
3a92a5230f0fce79edca782a451fb626d2e91cc38bc912041de442156dc696b7d98401d3d13dfa36adaaa35148d77006b843b28391e7357c8e5ca908962daaf2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
700B

MD5
94cf337e44aada4e95476640388166c7

SHA1
05d2edfdbd9a8c3f40ba461d2924e63c826db631

SHA256
063263f9e52a419a8b804dc43bf6833689ae9cc44d53f221bea2736baf200d6e

SHA512
a2f95ed2858c7c8dd8ba6fc43f3a32d5f999d4bc8b703fde00faf0fbe7272f96bec7a8d75f225ada749e0ae511557f5d4816dfb0c661621b52bcd17f749e0320

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
535B

MD5
2027f5c31c7620a75bf9cb65f7309cff

SHA1
3ba2e13068ccde6e814e40e8e18ca9d868980336

SHA256
c0c21371f5a2d4a208d60f8a144769ec885c476a5d572077e72b170aad3665ea

SHA512
e96d24c77b9ef1216cb9e4d16fc39673cc27e35d22406238eca41cb2b83abedbce187b49df07f55adddb0bdf7cdf178267465b9d0f75f3811fd50b10430de283

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b81f529889802c2e56eed6527e164217

SHA1
509a6b5812416b33a9b0581209cc2cad11a888c2

SHA256
6a694ea4ee9a4e5b011fb09a9acf6aaa709f59a3ddcc3dff248f32fa65e17dd2

SHA512
e3cbbfbae558ff5f8cd5ff488b35ca3a97ef89631cf7e43026d52c5a247ad3667dc0b5bd5699bf2b5e9797156a25305ca94c613f773f202b4c7b3316a0e84b0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9d69aa36c5f4d7168171fe153876f444

SHA1
ad2599883b5ec8951cf2503c250cf0382b086343

SHA256
22616588d94c36f0ce2352b003f833a85db1dc563a6400531433d2ecd00017f9

SHA512
bdfa1f991e7b9c30fd2cc08fca6d13d0085d0497dfc3cd54456aecbfddc14f005f945a617151b4994a2a3261eecc6f7ca7fba93775a8316622ef5a954ff5dca8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
08b72c59d53a980d64f7ffd1490d2631

SHA1
fc0e3928310b36d64bd14736945b7a45a48750d8

SHA256
aa4268046d44cd5b169e29127ebd110f93289f4fcfc368cf4288c38582823c77

SHA512
488d725aea8cae82af16bbb870c7aafd49f2e06049dd241bfb4d2f285d668358ed0867a08050879c25e4a6887f1bc016cd02ee09e98918e40842a2b8c31428c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8789fe4d505a400101ca9073a44889e5

SHA1
be5a3fbb8eb481bb1d4455b79d6684b596026cb0

SHA256
b80a426c8c032ad61c3c509d618fda00b6a2cef3154418b387a6f40c43280631

SHA512
fe304e4b90e07dd3bc124b4fd140a65a3c13bc371d204e76bc5e4d36da5173fd1ce6b6ad60bcb2e281959ecddcb1560629c768688f9f90b2e32226b35f345c64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
233KB

MD5
d70990496807ef44d6d69e54a81c16fa

SHA1
54422b6455576f0f53a2260cf582c49496d8c5fa

SHA256
4dea4e57cbfd6f17e7d7c80c8764aa70e269c5d6fed75133505b12af8165e6e7

SHA512
d15ec6b445e353166ffe08504ab7255ee502af7bf6507dec2b7eb2eb0e25addd804f8c43ca75da3215a08c477e5627607f03b17565ee2eb6b0012e9e472f52fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
9cccc03c2c6389d7d47e710eef6e2ed5

SHA1
859a647008ea7092d43368db503a53f6a4418123

SHA256
0b3974b0f891bf4cafc121079253b87b64de7f2844f15af75e343bc149e946cf

SHA512
e77fce9492a5e0b8743d28f7bada942c65e2ca01c209fb99c73be5708ba62532ea43de291d1daeb6bf47754ed6a668b599e688ca3772fbfdd5474950d673672f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581ce9.TMP

Filesize
88KB

MD5
27f55c949064a2544a9eafeda5eaf906

SHA1
744feaefd4e875681c17dc2535d506cad19f8768

SHA256
2afb3f192fc7e9b1b30bc9fab641e0224997994fe509a5b3b8c6ce1ecc8983f8

SHA512
8ba98341b991705f5f67a60b4a814b2aa79d6267e60b982638d4f80d0a926c1ef15ea200a043dc8b5110e3c1b6a606bb7e5549a3c00cdc134ef3bac7bcb506e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0F27D128\Virus Maker.exe

Filesize
3.7MB

MD5
c00845708ee4e6cbaa628a0886076c4d

SHA1
e011d28a40304957961654e62d00754a772fdee8

SHA256
16f14bd60c84a7838b99c34a791d5d334f08ee1e588c95162290ced38db8b092

SHA512
2b6a09b934ad6076008ad1b8bc960b6c3bf39968275f9f46fe1afbed7228eb196b46172c175106da70af80ad78aafc327869e71860af6472c74867dba022fb59

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO0F27D128\Virus Maker.exe

Filesize
3.4MB

MD5
0d8d4d531310f41cbc7e509a594a09c4

SHA1
b1b83e0617392167633e0a2e0aad8a86b3bad242

SHA256
f4635c9b7eb3e3572b93dbf10937dbb5470bcf84e1b8e042ee7ed45fa7c304c8

SHA512
642072b1607811442d593379db5a9f17a3e90dcc4390485031d62723960cb2d93c733e23ceccf587ce7355a1f5490fa5a06ab3968658fb1bd6ddedf13d2d23a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\RES8294.tmp

Filesize
1KB

MD5
6ab19a2e32ad4d374be914e85af626ba

SHA1
56f77cc95b23a63928fd08a1b2a02e796e04089c

SHA256
878c02495322fe3931aa476a4c59ba790a7e7f5444df44b2910dbec04f44ed81

SHA512
c1e4cdd18f9491e3c98f8cf5adc495c299343ad73eebfba817fac65596da406033f2a3c791e3b79593f9f8d904eb9a62a50162e4e96dd6b9d94d046301dc9452

Download Submit
C:\Users\Admin\AppData\Local\Temp\kyh1ihlu\kyh1ihlu.0.vb

Filesize
5KB

MD5
aca2cd4fe66c1eec5bf65b71cea934b4

SHA1
dcdbc61ac193c8d70a8e256d204e5a1ef24dc389

SHA256
72d30b86fa05e1f924ea4b2e95497cf389bad0a0fd0e78ad28ef95108a2821f2

SHA512
0861efbadbdf0c3a5b8a5062f6b42d63c718e63997edf0c9480d3b3e59c80963b5c75cb6f8923c8c7641d9601226208796961b803037c275f917fa0f0c6e4685

Download Submit
C:\Users\Admin\AppData\Local\Temp\kyh1ihlu\kyh1ihlu.cmdline

Filesize
168B

MD5
2555c26aeeb5aa762face0c4353c3b87

SHA1
747c995db6769b34b86260266316882557414369

SHA256
cc1a9f6b7941d7881335d35569a6791f88411109491962a03eefd35e471a5a0f

SHA512
9c3d8689df9304c2c97635ca4feb87e784b0628bd853e6e52c72adb8c137407088026ec304f7ce559d470847a869784ade1c633fb7dbc1c32bbdea7df68e72c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\vbc19DF9AEBA994386954C1EA85F36312B.TMP

Filesize
1KB

MD5
7ec1fc6b0ced4cb0ef7f437b461a3d69

SHA1
68d4b537bae2924eddfba2c67c8bc0c4b2bc8fdc

SHA256
b185045d5e76fd5014a2a623fb6a75fdef68c9429fce89f3dee0a136adb738f3

SHA512
3a924a011176efabff98b4488a46679d96d137aea9103c076e5222e1fa283b1f5941a350ed70ab8e6c1e74086a50a87cb760e6373fa65fe9c7836c049d606aa3

Download Submit
C:\Users\Admin\Downloads\Virus Maker.rar.crdownload

Filesize
82KB

MD5
d1f61793e7898df4b27e3345764ceca8

SHA1
f03b91146aeaf753b565620a022a238830ed56d4

SHA256
d32f3a860b863d38f117c2e7efcaa6909583d418f8578b526a7ed0153529644b

SHA512
6491767f6db68886d000b173306377f3b0bf2d6db765ce4c14139c9ad09fa44e6cb75489f3858e45c4000333d2ad517721f81cc48e94de25c75c17cac36bb617

Download Submit
memory/2392-245-0x0000000000190000-0x000000000053E000-memory.dmp

Filesize
3.7MB

Download
memory/2392-250-0x0000000005090000-0x000000000509A000-memory.dmp

Filesize
40KB

Download
memory/2392-251-0x0000000005310000-0x0000000005366000-memory.dmp

Filesize
344KB

Download
memory/2392-252-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/2392-254-0x0000000074C00000-0x00000000753B1000-memory.dmp

Filesize
7.7MB

Download
memory/2392-249-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/2392-269-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/2392-270-0x0000000004F80000-0x0000000004F90000-memory.dmp

Filesize
64KB

Download
memory/2392-248-0x0000000005120000-0x00000000051B2000-memory.dmp

Filesize
584KB

Download
memory/2392-247-0x0000000005630000-0x0000000005BD6000-memory.dmp

Filesize
5.6MB

Download
memory/2392-246-0x0000000004FE0000-0x000000000507C000-memory.dmp

Filesize
624KB

Download
memory/2392-244-0x0000000074C00000-0x00000000753B1000-memory.dmp

Filesize
7.7MB

Download