8fb5890f75d501936e90d1891cd97c8b23396525842fd741f9b9a441405cd01f

Resubmissions

26-02-2024 18:15

240226-wv4khsdb8t 3

26-02-2024 18:01

26-02-2024 17:58

26-02-2024 17:47

26-02-2024 17:30

26-02-2024 17:25

26-02-2024 17:07

26-02-2024 16:42

Analysis

max time kernel
290s
max time network
286s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
26-02-2024 18:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

gato.jpg
Size

54KB
MD5

cd869039e351b02dde534759ae627caa
SHA1

8c227c8532a3106c82009117500a53fceb8adcda
SHA256

8fb5890f75d501936e90d1891cd97c8b23396525842fd741f9b9a441405cd01f
SHA512

81a5b30497bb3cf7b6257728ef5f04b2e45d1ec23e159035210292b13514a82313e19c68878f50bd10a9382ed5b6a83c6356d2d2c0607a79ec2e8afbc9bc3fc0
SSDEEP

1536:g6taN+v7AZswe0Q4qKjLkvqwWsXcWQeldDrVh5Bh0K4:QEAneazLaMWQWdDJh5vI

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\~~CB = "cb.exe"	ColorBug.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
92	camo.githubusercontent.com
98	camo.githubusercontent.com
124	raw.githubusercontent.com
125	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133534446394877185"	chrome.exe

Suspicious behavior: EnumeratesProcesses 31 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
1780	chrome.exe
1780	chrome.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1308	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe
Token: SeShutdownPrivilege	2984	chrome.exe
Token: SeCreatePagefilePrivilege	2984	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
2984	chrome.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe
1308	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2984 wrote to memory of 2936	2984	chrome.exe	97
PID 2984 wrote to memory of 2936	2984	chrome.exe	97
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 868	2984	chrome.exe	99
PID 2984 wrote to memory of 808	2984	chrome.exe	100
PID 2984 wrote to memory of 808	2984	chrome.exe	100
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101
PID 2984 wrote to memory of 1248	2984	chrome.exe	101

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\gato.jpg
1⤵
PID:312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc2dc19758,0x7ffc2dc19768,0x7ffc2dc19778
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:2
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:8
  2⤵
  PID:808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2228 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:8
  2⤵
  PID:1248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:1
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3064 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4648 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5052 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:8
  2⤵
  PID:4728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5280 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3868 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4560 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2812 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:8
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5820 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:8
  2⤵
  PID:1852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4708 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=856 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1652 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:8
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=212 --field-trial-handle=1964,i,11846054450598680740,1951554618666325240,131072 /prefetch:8
  2⤵
  PID:1624

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3940

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1420

C:\Users\Admin\Downloads\ColorBug\ColorBug.exe
"C:\Users\Admin\Downloads\ColorBug\ColorBug.exe"
1⤵
- Adds Run key to start application
PID:1576

C:\Users\Admin\Downloads\ColorBug\ColorBug.exe
"C:\Users\Admin\Downloads\ColorBug\ColorBug.exe"
1⤵
PID:920

C:\Users\Admin\Downloads\ColorBug\ColorBug.exe
"C:\Users\Admin\Downloads\ColorBug\ColorBug.exe"
1⤵
PID:4796

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1308

C:\Users\Admin\Downloads\ColorBug\ColorBug.exe
"C:\Users\Admin\Downloads\ColorBug\ColorBug.exe"
1⤵
PID:3952

C:\Users\Admin\Downloads\FakeWindowsUpdate\[email protected]
"C:\Users\Admin\Downloads\FakeWindowsUpdate\[email protected]"
1⤵
PID:920

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\88b4fc67-952c-449c-b8df-35518df3180a.tmp

Filesize
7KB

MD5
751fc6ec15fb25a45c87cef5c7427ec9

SHA1
e647e2eafcafbc9f6b334af94a451cf6aa5d7065

SHA256
d3031e3f5be22bdfc63213abb29a0ccaa9e74ea21d85a6c8ffe4a1f72d19b0ee

SHA512
e7b3d58af648d85c29ebb9d72bc4f034dcb565d232101e74c44e9e17f7977588faddecb3b82bb26bd95da3b81f07cbec18348100909350a46d2826c53e58320f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
46d5de925f141950cdff7ed13f63f40b

SHA1
715aa325365d34a52e4165c0cfbba970c119b903

SHA256
7df867cf29a07454568d5ebee197ab1688405a27402ee76b0313748adba73ab1

SHA512
c60db7fb612508a213bf547d1f490ef7b1cd907881c2beb1a770f73d6ace268a39f3a4b90e90522c47bd371a07ec1308a87b6caa86993c4069c0dc5c9275adc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
b0ad61adfd08a901c1a77278160b1994

SHA1
32d972e2529e8f09933deb741b955fed0601c8f7

SHA256
4e1ab909018886d12268ba74b16effdea962fec4e02b6dd3de6c5c2d4efd70f2

SHA512
2a8a7a94823d904c689710c6bdb8f85d622595fd15c7f4f7422ec5062e09aac910a10df22afb2c78353b86312d7ae6dbdec20e9998b428c13279bff4e5dde4c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
1dacd9ef3c8b8ba67c44d6b7cd9a2651

SHA1
11728d7f9a761fc8ba35cd2cf4ffd820e7b16845

SHA256
83edd06c34cfa6c02de4a96436ce9c9276d0b9e7a41e43e181441fe91d067aa7

SHA512
d2bfb60c293080012c463af3b68fc172c0c7ff2c022f598a11a4014a2bcc96247ee5f20c7208359fe29a75c15612e8967398bbad1ca9f4e4d96f3710ab509cc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8103b757b495a624bd65ec28e5b0e760

SHA1
3f633f4070daad971a7612c72ad7912cc9d7c0db

SHA256
d665a78536ac3d67d511980d1124dcbef014debf1500e70c92954a90e46cfcda

SHA512
dafe85218decb9662754345926972bb465e67ab435c30f86598a842b14ee08eefde524aa3d4f38afeb060a83425311db325fdfd6cced316a3f8080f51994a7ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
71bb94765450332f6c9f24ea4d239bde

SHA1
aacf7c563d85c77a7db498102b5dc3c85052d785

SHA256
2c0ea687ecd0123deef2044b54dc9b215a8dfb87597b2c6855df79a5cf0da879

SHA512
698c8c1923cf565fe8403ae23f58bd779bd6e3769ce86382ab65302eefc8c6ceb2e83d5dc49cc5926df10ec0491d6e86b3d172575b1b687be1c46b212222bceb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
632f5c5ea80ee7dbf7ce40a2bd13a66e

SHA1
aae18ae20dc503cb30f0fd26beea2d58c0aa4ad9

SHA256
e7e79d0832fb6d3136a8dedd7095a86a91e371392516fd397f6c9da1f667d403

SHA512
935daee0ba6fa7b776e5847e89aa94eb5e643b67e48ae974024ed64641ba48757ba10badaaf9a3b2e68831e138f05817a62853b4c7e0efb538b69a7cf3038edc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
407cbe7e0bf35c07d4e44de71651686c

SHA1
9ea38f8238b4a9316081c4906057416dbbcc88ae

SHA256
7d02568aec86b9924317e5d5dbc5c6e3552e0cc8b18a7fce85f47fad5d1c5827

SHA512
180033fff11c899e8d520e63ff07e1e4b570ffb62027badaee87b767f5956e1400047ccef601a940005ad4cfacf82883a4358ad89a2247920b191c75c3daf3ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a56489e13aaa72815b52b2b07df6657a

SHA1
a6651266242df16c962a5f1a36126136c9c4e26f

SHA256
82f8d9cbaec2e07171b148a17be2f9ddf88dcce613dd10815b49e8409a9fb427

SHA512
a2ff2bc156cb25eb5d1a06fc673e97043fed2e2636b009639c2a8a47e3862eeacf218983d5c85cc35ff113a3f7088cd2379046bf87ca24ceeded341dc99bc472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
ea9b3017b6e3e750f660d5cc4d232527

SHA1
de75741d9f11fb231e2ea5af93c58517192a65ce

SHA256
ebc471b8229e0a0d168fee7e61ae768808ce70d8040931ad9ae4c26090adbc21

SHA512
5a576ecfc3ae2431894bbdaf0b90a70b6aaf2fa941f90d340a6bf68687ea49239fcfefcab2f973c4d53cc32f2e6b3877c8e09eef8f6d85a2588d6ce65f24bd65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2bd2ed587c59b8ac0c0897044fc2a42a

SHA1
ddebf60a5808617c0e5be425a28384d3fc14a274

SHA256
89afbe5884084d314868768fc16a204f933233ee3384ddfae236544bbf8169ca

SHA512
612abe7a38ed3a2e3ced3c137cf8436e1057f1a41e2f665130df9c8787094a94fe04436d4f36f30abfb8f2180fa470b6ce08b5e1b0cbbb89891bfcbc298613af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
9c3c05eae3f67479bd58fd044c8765d5

SHA1
ac4044be5215d8d4baaad37ea617b781466fcb36

SHA256
df913b57522420b52a2ec1aab1ea7329099441bd12e83e5a80454a686f0fce02

SHA512
ba6f234413fcb4c50db5832f686068924d5cdc3042746919ed7a74bd8e520ad8d0a2a9dda75f77816c3cbc1428608b2b055372ded4552eb59468b89524b52624

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f64eef4c96608a6087e148737fd80265

SHA1
191b6201ae2d8c8ab8f2386e6c529a5113705e63

SHA256
2f4259cffc9a0ee4e8d3296b9d46f0fee165997e3ed6cb32acc3eac0f7cb3fbe

SHA512
ba933b542c1ebcbf5bfb664298520a318f97c1ab5db28c126885f1a570c3a1258ab43d1743cf0fa4249340f566aeae8c81760134af574f240d46c13d92135133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7b40f2bfeaa551f6a37c4a4a94e21300

SHA1
185dae660fead0e52436c9c0c6d034b70a0089cc

SHA256
347d8464c6c9dfdf05a66e462112f1e4ce22a695286123925c1f40b25989ecc8

SHA512
fbf9eaf24ec4fa1c923e9f4ed607e9dc8d294acf42245e867506e7c47e46c8571a79d00b33119a3a40a0f1fe423df065670d0e8d3b1374ce7d5fb2875ca920c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
fee3037d66c644ca8eefe52695d9f351

SHA1
7706fa8fe092bbcb2d7d7a529b3f04561de24977

SHA256
8c603ebdd3d7e1bc62c6fa7c9e3253b0981b3d2a3af59318cf214de383fe3f9b

SHA512
04e14da81fde54662778f67fd7b2c007b4a497719153988ba5716283f492f53cd9b5d5e2e203c6b43e6dd7341591ca211b51bd1ee92f7dce749ce7ce2a0b615d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
b6206c0f1bd2dd649d486d2f834823e1

SHA1
6dbc2a726fe02ed87747453a17b709b9c051f108

SHA256
d397037b6965ddffefda0c50a68ea92e6d11494f31f17155e52e7d976deb314e

SHA512
c6b5faae1239fdddc99004bda9d50737934e0c457a8ac60debd8ae69f25b5410869ef0d6cfbf18eaa874a6ffa4a5fcc446d0e47cd0f844213d6eae7cf964eeb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bbe17ea1b53ec57846307e40e291a08b

SHA1
1d5de63bdc5e79801893ba1054d2944a980c6614

SHA256
793f92d024adf49af55e89be582a3e6d4e1b4bc168c7d8fd01ab71351dbda047

SHA512
cb57579e0298f63662a2c0fad5debf3cf2f3b079501e030f48b9a14a069d2b19d451adc90a8c58049d2ec99b6119ddfe8234a3e37963aab48cb474c3b3cb2744

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
261418bbfa7ff5404f33665f5b8ec159

SHA1
b033fc3b49cea2b2239367ff7413d16a4ec2712c

SHA256
48cb51575851596fa2b49b33b4c9711045c9f9324f70e76f0b0f2a023b8ec35f

SHA512
5ade5866180f04d3ded0da0e48c0b1db27a50e3c4405946922c9a5a3c07bd996b353f4dbd333484f0f590661a39ab2832dd3ae8ce983b0a2a0a861ba3c279c5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
03d385d6c04d1cf3140017273421783b

SHA1
1ebea4f82c00ff117607805caa3d9c3bbd131057

SHA256
2c09f3d51ee70ee0a7f68f980e72eda85cf55b295fbcd083b3b93c7617b99a6d

SHA512
70f07a3db9c3424b28ed442bca4c136b4a698001576d9a862f065d02fd4e36a88b1c69206f2ed8010afe12adb449eb78abb75d7a793efa31fd4049b0db0160d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e0337e8a99278783ce45c5abb0c84ed0

SHA1
315f744d37c19503332a2ed56b8274832a8be45d

SHA256
62226f29dd5ba009533616757d102774e98e1e65ec688232b352e824c0b15254

SHA512
7e1e963a03061e41d813173a8332f745bed1bfa447670cfa5b5cfe57328dfdaf4974412d8340af7ed05115064c8f34448780b335ad3288b7cf6eec29069c72e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
62c809ec7db3b77290012afdb14a5a81

SHA1
761cf535b22f6018709690593047f42ac0e5c2da

SHA256
b01e5df99a3ac29925cef4a91169062f8c3f6a7f7ab2988e28553d9a73b77627

SHA512
533d43884fed9a7726d0e5791e4cf332cb5bc7be246ce74a7857139e45f8a2e386b3c6eb552a700253aa5cd4731aae3f2c0ca471ee78b920c1826556af307b42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e37577e8e3222e869186302da3e7a640

SHA1
51d5b33271a2e748b5e1478a724c543f6e1da6ed

SHA256
76c3ef8dcbff6c013df5295498ccb128cbb85a95263c9317e896045d57f766f5

SHA512
d949f30af1d6979232a45982c61a8e4f6b5fc5b1f803333423e5bd85bee0d1afd0e9554ec864f10167b7105edf8cd1fcd68505d1e63274ad02bda44a81705f03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
05fd7f1e7a4cbe676cc04b75e415d7a1

SHA1
8dc786acca19c1ef8dc2d6413a538c77153eb887

SHA256
217e612219ca47913a0460dc21bc2600a63fc04beac9055276656bdf281dda77

SHA512
1d04af63d06bf164d544060d289cd6f63cb05c63b3d2d4b52a657e8e0f7163cdb63a5129ef9288d061e53754020508a73a8700d7b14d51a9948d2a97673ba9c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
254KB

MD5
2e71a891fa43785553ca66443df6179e

SHA1
58723f734e5f7d0492ab0e10101cfbfd56fbfb7d

SHA256
00d440a2332e83ecfabd64e2ac7a40f3c839191310db7cf5e582493878118811

SHA512
9772261fa35f910d8ed4dff945d0a4310517d88ee90982fc41be14f26a786aab691d0e8bce35c1dc63dc1eac10c44b2610d284d46e41b00d203eeb0c63a73cbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
dbd90d72a0bc050ffd5a0378ba954124

SHA1
de3c895678795574d7767ce3a74235ebb11e71db

SHA256
ea9267acac38d1ae8d7d0e26563476a9ae68416aaaeebb27ffd87a0ac5906cf5

SHA512
fc7c96fa64928f9298211e42b9bde0cb05946c0dc40502a5a4650e2d8768b0822a46fcd274d177648a9d772a71460e7462bb9f21c1d614f266df3028e405e47a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58c435.TMP

Filesize
99KB

MD5
5921fef6c0a749909dd0e105ab542e25

SHA1
8c2912501351393d7315ca7343fc619d1b2e83e6

SHA256
246f9aed073a1521a06e230ad44a9f1057f7a7c2e65dadf36f8363e49ec726bb

SHA512
859de2c402094a48a914caf8bd60322fce69784a480a853c895fc00c0133253191bb4bbaa3013186387e770d2bd03db4467840e22dda0cdfa000066755705293

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\Avoid.zip

Filesize
241KB

MD5
19851e369fc50763189442e3c6694712

SHA1
d2e47f277743f3c4253bc2ce85bb40cc67c87b8f

SHA256
8a9d0115b56f9a6a8ed231d3400e1362425e265e5944a0ec0903a70e888ab171

SHA512
f79ba6f1219f8e10cadc3a4a5c8ab2051affe3b9bf7a4edaed505dd3acddcd57327f6cb1f728e37a74a78d685a9bd244313a629cdffea58a219a7eb4615f31de

Download Submit
C:\Users\Admin\Downloads\ColorBug.zip

Filesize
28KB

MD5
34071c621da9508f92696709d71bb30a

SHA1
5817a14b8da5da5aecd59f5016c2b02fbbe2f631

SHA256
ff2e6648e019087c2ec3c0f9eab548a761122b696caca171ab88e414ba5615cd

SHA512
eb4c3b5ce9a4d6e979565d44c1a1432272bd2b9d1b83ca6b03ddc9982a5a6c341126ba71bbfd0e8d443ffa93265b6d205c187f586ff0bcb708965d2db6c98b45

Download Submit
C:\Users\Admin\Downloads\FakeWindowsUpdate.zip

Filesize
604KB

MD5
9e94a2a8c092b611420f8bfdbac7beb8

SHA1
38e21ee8cfa81fd26dabfb0923b108b54db6f409

SHA256
8f8f4fba17fdb1538ddff73763cf6bac274f2dd1fd53c4656d45f496ce690f12

SHA512
dc550716d82bbd3f44ad25f67d8d894d94e5cc1e15c996c9a6e3d9fe5fa9acfe5d2b9134736d72c4e2a72434298e6419987319242776e7bd68e0a87783c0fef4

Download Submit
memory/920-535-0x0000000005340000-0x00000000053D2000-memory.dmp

Filesize
584KB

Download
memory/920-543-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/920-537-0x00000000052E0000-0x00000000052EA000-memory.dmp

Filesize
40KB

Download
memory/920-536-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/920-532-0x0000000000960000-0x0000000000A1C000-memory.dmp

Filesize
752KB

Download
memory/920-538-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/920-534-0x0000000005850000-0x0000000005DF4000-memory.dmp

Filesize
5.6MB

Download
memory/920-412-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/920-533-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/920-542-0x0000000074620000-0x0000000074DD0000-memory.dmp

Filesize
7.7MB

Download
memory/920-544-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/920-545-0x0000000005540000-0x0000000005550000-memory.dmp

Filesize
64KB

Download
memory/1308-433-0x000002482EAC0000-0x000002482EAC1000-memory.dmp

Filesize
4KB

Download
memory/1308-443-0x000002482EAC0000-0x000002482EAC1000-memory.dmp

Filesize
4KB

Download
memory/1308-432-0x000002482EAC0000-0x000002482EAC1000-memory.dmp

Filesize
4KB

Download
memory/1308-434-0x000002482EAC0000-0x000002482EAC1000-memory.dmp

Filesize
4KB

Download
memory/1308-444-0x000002482EAC0000-0x000002482EAC1000-memory.dmp

Filesize
4KB

Download
memory/1308-438-0x000002482EAC0000-0x000002482EAC1000-memory.dmp

Filesize
4KB

Download
memory/1308-441-0x000002482EAC0000-0x000002482EAC1000-memory.dmp

Filesize
4KB

Download
memory/1308-440-0x000002482EAC0000-0x000002482EAC1000-memory.dmp

Filesize
4KB

Download
memory/1308-442-0x000002482EAC0000-0x000002482EAC1000-memory.dmp

Filesize
4KB

Download
memory/1308-439-0x000002482EAC0000-0x000002482EAC1000-memory.dmp

Filesize
4KB

Download
memory/1576-411-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/3952-454-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download
memory/4796-431-0x0000000000400000-0x0000000000414000-memory.dmp

Filesize
80KB

Download