44caliber | 778e98a63909d17422bbb09478811d51acc4e790d29f91415b5c23865ce17a57

Analysis

max time kernel
425s
max time network
432s
platform
windows10-2004_x64
resource
win10v2004-20231215-es
resource tags

arch:x64arch:x86image:win10v2004-20231215-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
19/02/2024, 20:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

28805.jpg
Size

318KB
MD5

98292d50d2c53d6f735614e1b0b80536
SHA1

8e21b801a7164dc99256d4cb910f36d3e81dc4e2
SHA256

778e98a63909d17422bbb09478811d51acc4e790d29f91415b5c23865ce17a57
SHA512

8d56037ed6b41d779c88e504d47bcbe67fe24dec3b318a45b7888f49bfd12780456d45cc7af60eefa6849ce4f89c783dee009eaf04e97d08de6c0ca199234aa0
SSDEEP

6144:YUP06JN/MtcvKnlzxMhAHb2sqe6sgTUQkPzNd6xyJvDDZFpWC:Y2067o4Kdxj2e6s0jk5d6x0DtrX

Score

10^/10

44caliber blackguard persistence spyware stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/1190173606152511488/v1OAiZaC9GzyANpZ3fPI4-Mslm0Mk61AqOUiFR2Q_-MR5K5dIUaPF9KM4ArYYdGUZVAh

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
BlackGuard
Infostealer first seen in Late 2021.
stealer blackguard

Executes dropped EXE 2 IoCs

pid	Process
3444	Loader.exe
3360	Loader.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Loader.exe = "\"C:\\Users\\Admin\\Downloads\\d77c7e681067216d\\Новая папка\\Loader.exe\""	Loader.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1232405761-1209240240-3206092754-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Loader.exe = "\"C:\\Users\\Admin\\Downloads\\d77c7e681067216d\\Новая папка\\Loader.exe\""	Loader.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
79	discord.com
80	discord.com
81	discord.com

Looks up external IP address via web service 4 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
229	api.ipify.org
231	freegeoip.app
232	freegeoip.app
239	freegeoip.app

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Loader.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	Loader.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	Loader.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	Loader.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528489186617655"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1232405761-1209240240-3206092754-1000\{448C4582-ADF0-47CA-9023-1DE9B89E0494}	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2872	chrome.exe
2872	chrome.exe
3444	Loader.exe
3444	Loader.exe
3444	Loader.exe
3444	Loader.exe
3360	Loader.exe
3360	Loader.exe
3360	Loader.exe
3360	Loader.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: 33	3356	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3356	AUDIODG.EXE
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe
Token: SeShutdownPrivilege	2872	chrome.exe
Token: SeCreatePagefilePrivilege	2872	chrome.exe

Suspicious use of FindShellTrayWindow 43 IoCs

pid	Process
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
1196	7zG.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe
2872	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2872 wrote to memory of 3976	2872	chrome.exe	99
PID 2872 wrote to memory of 3976	2872	chrome.exe	99
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 984	2872	chrome.exe	102
PID 2872 wrote to memory of 2332	2872	chrome.exe	101
PID 2872 wrote to memory of 2332	2872	chrome.exe	101
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103
PID 2872 wrote to memory of 3944	2872	chrome.exe	103

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\28805.jpg
1⤵
PID:1328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb69d59758,0x7ffb69d59768,0x7ffb69d59778
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1876 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:8
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:2
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2264 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:8
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:1
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:1
  2⤵
  PID:3328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4544 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:1
  2⤵
  PID:1760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4732 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:8
  2⤵
  PID:2380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3716 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:8
  2⤵
  PID:4296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5404 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:8
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5196 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5672 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:8
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=1220 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:1
  2⤵
  PID:5056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=964 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:8
  2⤵
  PID:2812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3200 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:8
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6016 --field-trial-handle=1976,i,1792510084460799170,10976243103223595673,131072 /prefetch:1
  2⤵
  PID:380

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1916

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x500 0x2f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3356

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:512

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\d77c7e681067216d\" -spe -an -ai#7zMap3573:94:7zEvent374
1⤵
- Suspicious use of FindShellTrayWindow
PID:1196

C:\Users\Admin\Downloads\d77c7e681067216d\Новая папка\Loader.exe
"C:\Users\Admin\Downloads\d77c7e681067216d\Новая папка\Loader.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:3444

C:\Users\Admin\Downloads\d77c7e681067216d\Новая папка\Loader.exe
"C:\Users\Admin\Downloads\d77c7e681067216d\Новая папка\Loader.exe"
1⤵
- Executes dropped EXE
- Adds Run key to start application
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
PID:3360

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\44\Browsers\Firefox\Bookmarks.txt

Filesize
105B

MD5
2e9d094dda5cdc3ce6519f75943a4ff4

SHA1
5d989b4ac8b699781681fe75ed9ef98191a5096c

SHA256
c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

SHA512
d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
1KB

MD5
66622acb0c23058ab48e91884fbd73bd

SHA1
e9849a78ae32ab4b25d74a66110340965c345855

SHA256
e14c127745b7253bbd58df2dc238e438d233649eaf3f6c55e24dc4dcc074486d

SHA512
9f55a0243d4d567bcee502556b44a9420237df46082ed368462d5e0c7ddff96c216cf9d76c6451ce7bdd194e02c1cfc3833e6702443dc86355bdf82a63ecce19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\59c5d0ff-c445-476b-b1aa-45e275a0cac4.tmp

Filesize
7KB

MD5
a00259070366b0b3ef2d8ac06ffa702f

SHA1
8c08daec30d5692dc5136c95e9cfe47089864887

SHA256
7d2413e2bf1f7c810962a6e645ec2b63a2aae4310b7ca62c9cebd5e926be9326

SHA512
f899e9cdf33141ce8f6c94515beead20a87710adfc4ac63dd0de2f2102b16f1e04fd3ffdb2aa7ce254aaef5b23a3ffdd86984303ebc96bea2e8ca7df97a75167

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
a70dd45e6b3e24aefda7339664167582

SHA1
916df8399994c57c076cd450335e882119eae697

SHA256
cb684e1e715e429e446b39a412c98ca6e897cf7525568505782e4a3345faf8ae

SHA512
ac0261eb581c3d5752606e36c0d422cc29af510c8354ec8e23fcc41dbd11bef402b59fed0232758090825c703b1d3036093d6b17d3fd55218f4ec3e6f9ff25b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6cf341509f030b93c5b77db4bc9e9b6b

SHA1
1e2c10f554a1dada41c1c9a9bc12adae300dd1d6

SHA256
c099eb0a73b4d1c1bb3be90d4975552977f6030f39559de4a649e970ff208359

SHA512
e9b4f9d698d43ec5231268b1431ee3d458194c2d5f1590559f8ae9938e9abba270a1f98ea0948bb84b7dd8a64f9fedd7edc06e413245b438f420ea3331f55bd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Login Data

Filesize
46KB

MD5
803f505cd7e9ed0a59e0ff9617a410e4

SHA1
8300f14bce3d26e214e409e5463e75bb5659b81c

SHA256
064d9f0a32a2745d19f577b3aaf0546cd91f9816faf30f0e27c2aa402c80000e

SHA512
eabff29c264e200511e8ccf4895a313eac5fcd35210354418a19cc4149d14d322d4ad1b74e476225b036996e7a195c1feb4b9eb829d4b7fb38c5bbfc791949b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d7f824c481ae83a7b1e420814f0594c3

SHA1
32fcf9a383bbe9ef687458da63a386adebf82330

SHA256
b3604b6f3c4532a602d55781eb2a129c645f5d0dfd7c3e47430f10a8b101e157

SHA512
49c11c9d58f383bf15c8243283342c2d2e4c2a90a8cc35951439e85ce07e3b3d950e2bba7537ba5929743c9a3f61e41f712e4a81a9a5a76b982ad8bfab61725e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d2054f955c5f5f9802be01697f77905f

SHA1
f631a62e7f5e48e658709a5e4966fafb1b30c8c5

SHA256
85db84123db3a6fa043b331b818b0501d36ebfa970b984b82ca0cba2a4a12425

SHA512
376c802c87ed77d0302341560caba58e773aed4975062a6cc3dc70fb9d4f1d41b9ec213e8bb99bbe5089332980880ec73c584e00c62d795038433e4a1a4d518d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d7cbe9e24838b5cf93dd8fea8c6edb87

SHA1
b508055972a0238fa6a8d9948660cab0fb57ee72

SHA256
7dc024e62ab6c1a70abec5c96d12ffac7b8406653d52019bfa8f819f489a7a97

SHA512
14844a60855c5b602fb2b538b458c73fab083d8ebb344b5ee0dd303ddb8eaaf11bbad5c10168f98b8b9cf986cb9bd31187e536bad039a4c1eb96f2ea6f5752c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b01cd83ea7115f50fe17e0e729e64272

SHA1
c5ebe2227856d99932f5b570e0c824f226551e68

SHA256
7d4492723cb73dcf87e9619596540944967e7c343885943dc4384bce6b6fdc99

SHA512
99cc91d926d50db042c315464e167527c98283d6bcbb5e07866ff87294c9d0add3dcd2f62dd3adc2d5b3303e3529d18db7cedf0367a0019f526928f34e9d7c3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
412fab7e51186124127b8899f16f15ac

SHA1
bc36ea4e04f4df88fd9da08feb697f6ea04bb987

SHA256
183c3a9aac7ad658274f82bf150ac71beafdb92c25859c778c961692bcae3aa9

SHA512
dc066eae4f4a023d790f9daa103dfceceefd9c81c8d6f2446a4dea51776b994e8505aa0af4df7a64d08737b5ff08f88893f2e709a94d9e064db786649b2923e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8c7da7097c4f31f823d85cfb4ee93416

SHA1
aa2b83a9045c14825856af44b4ada6c88e5ffc85

SHA256
39d9321b38e5f760eb0dbe437aa3ae4ad5e8ff47fcc9bda757ecadf1dc5ce302

SHA512
a50ea2c54998863efe8762477f0932a34645eb3628ab1c084f91c4fe70ca796b3f7dbaf6e258b90ce6103162ada13e376fdc8667f51913880553b3969e3634b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
27347b184930803f9b3e926036456e76

SHA1
e264072aa5ed74f3d53d2abcbccc7bc7c07e5a3c

SHA256
3d17e41e33b619105f50b9bb97b39cc0373ea0520069d09b46b18ad2d163f15e

SHA512
3e6d313f8b569bad47011f2cbb759a7f4bdad79b8f6870bb0042c498ca9b2582b39cbc13b006122189cde2aa3ffc115a620adc62b547e65bbf48baedaafa0b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5e71d0e34f7b21836d58e179e86717ef

SHA1
8c2a25d056aa5148dc61339d2dda8a9f39f95a6e

SHA256
eba735bd68d6f2bade89f72cf5f3d9b380bbb7f7b0fbffa9516a7d4cfcd608ec

SHA512
9aa2795a99f3ce1cc2844cc6a12a518ca1d62770f0e33e0886a8d5534df8b853ad5f6ed0467e53593c87489e4a371a8a6eae51ce63fa8a6c08992633cf5237c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d53e6ca745cbf956c3acd712c126079d

SHA1
ca84acc8d5f6dd6d07c4c944aabc284986ae3ee6

SHA256
080721659fd1e4ee7211ac2e0108b7a372d1fc57c6f07b0ee37327cfe0e2e1eb

SHA512
3b493d0afc2d2ae130177bbc60025c8f6fff5939186029c4bc2265bd44f0dd20b67e0b7674bf15b60b7f5d56767e3451a4848b21aaf4fc742d045f5dc85e23e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d475e88073356790f4f72dd887351720

SHA1
23eadd97c3c4c21781e2819f0cee60319dbb7016

SHA256
ec039f72c108041182fd6805c34c4880ce1a2fab82af6855d742aa1c3c8d06a2

SHA512
a80345952cc33e038b287ea85bdf0802c58b715c6b831d614db1fcfc75063790937588d0c9756f03d4dc4030afbf03fd302610cf5c21a8e0ab2777c3dc42e9bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e54d12f5d981b7c7e113731c06140d31

SHA1
7b7f97033c47c7bc5c157115c1ef199d0f9b71a3

SHA256
1dd948bc18c5c73d5fcdc792d5518c1b54225cd9b0a70cfa390bcca38918e095

SHA512
6672cdf04cf4c4c5125f1476a44bef2bc4e519f5f6cfa469871fea23c6e5a50cb303850781bd7fa104bf80563de58ddca4f4b527089936a9ee31e5f746221dd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6e83cfc853dfdf5f7c27776a55d5260c

SHA1
b92528ce4c2d63063b4a82dda205127f96e40780

SHA256
a440240dd6c9f9223a3801f72b7d79d0efa86d58bec318a9074bd08601746c65

SHA512
c3de70f9ee58a71895d08252576129c5d1a311ef8c77d050d1c3178607c934f0a479b999cc7aed8d1fb749a6a270582eddda5d0b335ee7c7eb87f9293f2c6d37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
3812d2df8a09729960c35b3e52ae463d

SHA1
c0756d63780507b0981dfbaed9e8a9ef006f2450

SHA256
126c205f08b1f86648f1a6146a5b5c52477aa298ce16a531140581076605c50f

SHA512
f6307ea4b05c3346a8ee78f1440d9f38897e0dca132de50ee01aab76157f2ce2a8c5e3b7f7a39baf9d1d4da74f015e010e36e922e077eafd1e64d9a7943bfac3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\blob_storage\885e2241-5e7c-4a92-96a1-e1f097713644\6

Filesize
7.9MB

MD5
66281bbf7ec1e7bdf41e5d3c0b275222

SHA1
8ad85cea14be7185cbba82f8532c1c52d602bd67

SHA256
29a64565798135a2777f6e2982cb0aa6ba4cdd77b4b3265c0f6f50e6bf32f2f0

SHA512
d4c9043b0751ec8608acb35ac66de154e9ab5ef5fdf9fd82804a6049c520b026eb762813580488a37741a4d07d1b614a20eb97d84de0f5a343a011fcd66aaac7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
a9f90ee41c5b0fa85ad211878ef7cc6f

SHA1
f3ef999f2f97e8af2dbaea4264534b979f107803

SHA256
eee1f74b64cbd357afa7cbe33162c00afeae67ec328fd23edb3ce0156888ba6f

SHA512
bd521b73478607061c093a0d2aa7b3fdc8be53f7568b1c2dc8f35a0a881a64a9b5bf6679c9aaa5082790b363d80fd236ba96078be133b5dfab88d42a491f31af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
50d18ee8c5cb993c46487f18530742da

SHA1
db81e9d1412473019d3158475dad1e8c7a549eb7

SHA256
dc8473e86213944876f6109d86124ae61aadbe86407deba3eaf0e55597cfe04b

SHA512
0d29f040ae562b642c65ee49f7ea600b7a241904067421ad2001fd6d7449ee0f7238cc5e333e98f9ad57f538b0fb27e13bdd1eaf33c70e98e92b17e12b28c435

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
240KB

MD5
f3c5ab05fed10287a34ac78e545e2a14

SHA1
8730e3447fb3992b7b113d4447d008fb4b15b03e

SHA256
389aab140bff3e0494c34b4eb6fc5b758969fa7bb49e8a273345985e879e5184

SHA512
43c4124e213a97b9fac249a85226b90d785bf2cfcfe2613e6d454779eeab59777078b5937abe3001c18cd9600326de918adf0f16c06bc6204790e05f8f01eb80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
b7d7371ed4dd5259bbeba2937b112960

SHA1
b8e4a1137ef0971cb73c5af984a5ab3119db17d5

SHA256
8f361d91eaf3c2a377122121e2a38fc555f3a639197594cf669fd1471280ba85

SHA512
b701f089671b4cffb69c6ebfc23d819ca77ce221ded6ae621f746148ce5bfed2560dccc1ad0c43bd098b12dd4eb816563d120fefab41c1861dd50963c707c067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d30e6.TMP

Filesize
106KB

MD5
62add5260dfae360e842c35de0849635

SHA1
4fe7928c38b6b19e51772678426452f0265e5cd9

SHA256
a95ac4b8e405c2f0c7f4cc3301471fb443082400ef6adf46056e0126e4ecd59b

SHA512
1d073c7c403782942ed3ccc7483f239f0438b1fd7f06c76f4e45f136b5a44d0494c4f2ce2898510637be808d3f1dab5130c8e5c55c1ee19a3462b5110f125c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
7bdb05fc6ef87c537c58cc9237202436

SHA1
8196e02ae5aabc35fadc3293d4b9c6d789cb03e4

SHA256
ee4a8891c9df88c24d1ad28633c287d8b4b7fea1cb1d54f14b424299c194bb3c

SHA512
d805b2b81e19317e5c1eb53b129f412d50c48e3d897afa346aa5edbed7744ae2a32159265f6d7941c3ab6450b8ac29d8fdd7033824a4e88211850c8db668b9c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\Loader.exe.log

Filesize
1KB

MD5
fda5f812bb860a91ed22c18dbb774027

SHA1
b5c142e0be38046fe156bb13b32b11896d4b687e

SHA256
1f02a25666693d1555e81de6b63d361190e39c75fcafc1f75acb40e6e0929e25

SHA512
50f414d52e11fd82050622116471d03426971f2605d1a10a1a0ea149f5219ff74ea850bcfba837aadf7f4b7ba70eec5491d8056aa5915dd8a427383dbbdfe036

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBAD8.tmp.dat

Filesize
92KB

MD5
d63e3a8d4109b7212d419e17141dd862

SHA1
c9637da0763277477e60128ae2cd26fb314fa80a

SHA256
0cdd05fd9d9515c99e713a0cdf201fae20cd5db884c08a292ce16471725c521f

SHA512
dfee6ccabfe03415bea0d817ac0c393e98b54a0dfff102f0eee21c8e85d903e11a073aa97b7a3e8b95d88d5f86afd4c9782e7618e3119727da1e01d4895315e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpBAEB.tmp.dat

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
397B

MD5
4b41546e21a11004b0d464bdb7cae353

SHA1
06823aca87be8ebfb53396eda21855a819ef3046

SHA256
5ccd4619be1b36dfa0dca2320a0780881c76662bf2f51b288651d0d387c4d399

SHA512
52e876aab3f99c648b1f46f0504f52d703eff58ecc74edb61547e4ffd39a751c9a40c04dd5deb120c011aec7702302f664ca9299a5434477093fffa45b074d4a

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
778B

MD5
9ae562e6bbdef38714c2d6e855c09c5b

SHA1
c0a250426002d801b1602088bfcabdaebd4a2316

SHA256
d6020ac7cec0a98660b046ba19711b2458c37da970120ad38a998f4402938ab0

SHA512
022950f25106545a83c4a2015a4849f8d313750315ccb42ef111a6cf7242f6e79819b6653866efce12669fabb211cb3bff8c4cc9e3eb9c429daf2b8e5413ae8f

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
1KB

MD5
c319a4e4e5698a6cb457db81e436980a

SHA1
5805bc769b93298ed619b67eef27bcb805b6ffaf

SHA256
d9540140e25e5b9d3dfd66a2a876aabc3313460c0fab5502b48c730de91d100a

SHA512
44853736882e728599d2d4b729541f522cca927b72d31a19250df1c12384b55b525708a19444df833e7643353b0a2e1c0b9121eb6f7e4d107045d63c4ed036e9

Download Submit
C:\Users\Admin\Downloads\d77c7e681067216d.zip.crdownload

Filesize
2.2MB

MD5
8d2a72f6e684fa716401b0c782944083

SHA1
7c9d1ac904bbcb145dd5ec3a69c5bd182e4bc324

SHA256
3708cfdcb87c1b6084f119d78c738a77d3732de357d758122e29dd8b6cada607

SHA512
3f1c3450442c9460496a2bb08139c0840092c33d653d62eb394ec172174d782b62b0278ffb01d0c2faab408b21554624a69ed9ec47828607f01148fd24d46008

Download Submit
C:\Users\Admin\Downloads\d77c7e681067216d\Новая папка\Loader.exe

Filesize
274KB

MD5
6b079aae461ac11effa2651cbfdbb0d9

SHA1
9822db2ebbf282d9aecbe33e94dc5401b74f9a4e

SHA256
a0a3623a34053979a1947af444f483b4528a1f7f8da498d388cd953894f54cf8

SHA512
5a9f6616d1ac4ebd83ef67ebfdb216929043dc4333db15366f08b73b80f28df9aadc2a335cf1da52ef2d9fa415ae69321ae731fc26ad598f52a8ace6919004c6

Download Submit
memory/3360-1006-0x00007FFB58950000-0x00007FFB59411000-memory.dmp

Filesize
10.8MB

Download
memory/3360-1005-0x00000233E9210000-0x00000233E9312000-memory.dmp

Filesize
1.0MB

Download
memory/3360-885-0x00007FFB58950000-0x00007FFB59411000-memory.dmp

Filesize
10.8MB

Download
memory/3360-886-0x00000233E9200000-0x00000233E9210000-memory.dmp

Filesize
64KB

Download
memory/3444-763-0x000002C8AE9C0000-0x000002C8AE9D0000-memory.dmp

Filesize
64KB

Download
memory/3444-761-0x000002C8943A0000-0x000002C8943EA000-memory.dmp

Filesize
296KB

Download
memory/3444-762-0x00007FFB58950000-0x00007FFB59411000-memory.dmp

Filesize
10.8MB

Download
memory/3444-768-0x000002C8AEDE0000-0x000002C8AEEE2000-memory.dmp

Filesize
1.0MB

Download
memory/3444-882-0x00007FFB58950000-0x00007FFB59411000-memory.dmp

Filesize
10.8MB

Download
memory/3444-795-0x000002C8AE980000-0x000002C8AE9C0000-memory.dmp

Filesize
256KB

Download