hxxps://www[.]dropbox[.]com/scl/fi/inx57c8w4kdkv8spy9y0d/CeleryRekease[.]zip?dl=0&rlkey=snnm3dovjeie7y1s7605e69x7

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
28/02/2024, 17:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.dropbox.com/scl/fi/inx57c8w4kdkv8spy9y0d/CeleryRekease.zip?dl=0&rlkey=snnm3dovjeie7y1s7605e69x7

Score

6^/10

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 10 IoCs

Web Service

T1102

flow	ioc
140	raw.githubusercontent.com
145	raw.githubusercontent.com
147	raw.githubusercontent.com
148	raw.githubusercontent.com
149	raw.githubusercontent.com
137	raw.githubusercontent.com
138	raw.githubusercontent.com
139	raw.githubusercontent.com
144	raw.githubusercontent.com
146	raw.githubusercontent.com

Program crash 3 IoCs

pid	pid_target	Process	procid_target
220	3528	WerFault.exe	123
4636	3544	WerFault.exe	128
4440	2580	WerFault.exe	132

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133536142749074519"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3270530367-132075249-2153716227-1000\{F858A053-3323-4ACF-869F-24770B300442}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	OpenWith.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
5036	chrome.exe
5036	chrome.exe
1760	chrome.exe
1760	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe
Token: SeShutdownPrivilege	5036	chrome.exe
Token: SeCreatePagefilePrivilege	5036	chrome.exe

Suspicious use of FindShellTrayWindow 38 IoCs

pid	Process
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe
5036	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2632	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5036 wrote to memory of 940	5036	chrome.exe	88
PID 5036 wrote to memory of 940	5036	chrome.exe	88
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1812	5036	chrome.exe	91
PID 5036 wrote to memory of 1996	5036	chrome.exe	92
PID 5036 wrote to memory of 1996	5036	chrome.exe	92
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93
PID 5036 wrote to memory of 1148	5036	chrome.exe	93

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://www.dropbox.com/scl/fi/inx57c8w4kdkv8spy9y0d/CeleryRekease.zip?dl=0&rlkey=snnm3dovjeie7y1s7605e69x7
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd3c5c9758,0x7ffd3c5c9768,0x7ffd3c5c9778
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:2
  2⤵
  PID:1812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2028 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:8
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:8
  2⤵
  PID:1148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3040 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:1
  2⤵
  PID:908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3048 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:1
  2⤵
  PID:2268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4804 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4740 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5548 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:8
  2⤵
  PID:2052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5024 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:8
  2⤵
  PID:4344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5568 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:1
  2⤵
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3756 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4960 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:8
  2⤵
  PID:2236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2584 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:1
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:8
  2⤵
  PID:3212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5100 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:1
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2812 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:8
  2⤵
  PID:1256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2452 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:8
  2⤵
  PID:2196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3304 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:8
  2⤵
  PID:508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3148 --field-trial-handle=1884,i,15673316752403139791,11233939945121875208,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1760

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2072

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3992

C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryApp.exe
"C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryApp.exe"
1⤵
PID:4440

C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryLauncher.exe
"C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryLauncher.exe"
1⤵
PID:4388
- C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryApp.exe
  "C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryApp.exe" launcher_ran
  2⤵
  PID:3528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3528 -s 1544
    3⤵
    - Program crash
    PID:220

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 440 -p 3528 -ip 3528
1⤵
PID:3656

C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryLauncher.exe
"C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryLauncher.exe"
1⤵
PID:2236
- C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryApp.exe
  "C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryApp.exe" launcher_ran
  2⤵
  PID:3544
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3544 -s 1516
    3⤵
    - Program crash
    PID:4636

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 388 -p 3544 -ip 3544
1⤵
PID:4044

C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryLauncher.exe
"C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryLauncher.exe"
1⤵
PID:1856
- C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryApp.exe
  "C:\Users\Admin\Downloads\CeleryRekease\Release\CeleryApp.exe" launcher_ran
  2⤵
  PID:2580
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2580 -s 1512
    3⤵
    - Program crash
    PID:4440

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 532 -p 2580 -ip 2580
1⤵
PID:4360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
036db6a9fb445f044464ecaa35d13b6d

SHA1
dc0c6e9b9fa01645ee57dbd6a94e683294c086c3

SHA256
65122ca71bc7ec11ec9526a0dfd8175e7da8298137804d599d2c276ef96bfd53

SHA512
77fcc2ae5db0b79cf409cfd8e91e35a43b5355a59e0afd58198ec991ed7d605194593287030b212de991ba4259050b0dd3f1254c118e6e62a8bf16fad157d741

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9bc5e669c8ff5f5b12debf751a6da82e

SHA1
13f9a6b0ccddd71e8d17479f55c35e2c42ef62b4

SHA256
7984b1db325a3940636c154c59da4cb9f5432000c78342f3c232a0d159c8ee14

SHA512
d3070574695ef46a6070ebfbab3ed9744f30983d1ef42367cdef9f84aad31c7f499e00bbedced02a6be96303656da90befd89b66bdce836d90f744edff301e37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
88fefc395b0a3508cb4b445949cf7f12

SHA1
5f07532ad6de78da0cb410ca148bf509f39b2566

SHA256
da385ea46c315e17f4ad5db3fd7831ec08b15788287552918c1f6b5831b8f03e

SHA512
8045ee4e0d49a33a94def1393ceb8de42464771168cb24297881713f0bcda6212032ae3aa089a8f51e1db4b918283400881204567c20f41de82d33742e802563

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
fc486dd28aa00baf536f4ceaebdaf77f

SHA1
8b949ffa20871d965e485adde3aedf7dae0b74cc

SHA256
831fa1657e0ae91cc6e7948a81b142a67e221daa28e7654e771b2ccaa39e16be

SHA512
eda7166ec39487af0c0f4abd98781fec3049b92b716780633f999f3af86b2ba6056ac526dffb86a6ce4aced7aa029c881c6c6ef942fc6017a9e55be13286f02e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
7681d146c4ae161c54b983afb18ab287

SHA1
7dfd8eb9a2cce3a12345703bc6a85fa315c488d0

SHA256
baa235b8df35790f01d0d954e48c3b09814e1681259ca817cf52e475c45c4ea0

SHA512
d279829850ab7d1a1c53b61fd4009e23d003ec31833094ef293996cf06febc1f328c71d5441961e934f346021801eb5c497a9aee35cd2666728f597ad845e23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
15899d0bf23dd53d30c624b0da059180

SHA1
ac8631a16e24cfe302302ec92073b296ac2ba496

SHA256
12ea31db36ed1c0f551e31b59e6c4a37f7f740e8f279890013fd3b774f79a504

SHA512
cbe366c6e4a421a5ab972765ad4b7e35730ada5f160a4e81a9931de0c30cc33845255c52a83adfae282b3b9e31fff3199559214c8bf338ca36cd99ec89890b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
0428fc1d69c173bc9d236671dad52151

SHA1
ae2a21ae16fc66cbd468942633af18f122bcfcdd

SHA256
c9d17ac3122418af3ea25a7d4907f77f61824129f6ed43c7a564239da178a7e4

SHA512
3288a46cba37ea057568896fd85493113610977fa01b62d25c478b74332c00a674d15943c380037bf76ec68dbfe39e3807f9085e5cc62153d13387643fd0af85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
27382e575d05ecfddc83ca86f19d2252

SHA1
f515b695f244e1fc9bcada3a1098beb756362204

SHA256
a90a4577460f5c2055cdcda186627b2176f9f5ff4e0c0cf8f98a3525df820595

SHA512
6a7bd8e558c5bde07a2b3c0ff3da12d45dca48ac1f70c3dbece819cbcc3591d50acdf0e40b73d1afc21152f6fd0d68c2b889be2f589cc78c5cf3f0a027ec610e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8dfe4e81fd2fe143a09efed944744e5d

SHA1
87adb5604a7784891eca860f43a31a91d5ad4941

SHA256
fd3c2b85b4559fc82c919bf4eea50cc42b53485c1b1e648dc2469ce5eaf840a2

SHA512
01800f06e28833cb69e939d72adccd0ccc49dcfd6b634ee8712cf8435610235003b339af634351a30231cb32652dc2971692fce0f268b5a6a6c8d1eb293cf27b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0fdcca3707f947dbcf963c33655171ba

SHA1
862e29e8288bc629884761e98b8500cf679df7d2

SHA256
c0e1cdbd3bd857bd964cd3b335dbf43cf680fd64c52169a5253de78d862ca4d3

SHA512
0e7ec3ac9b0e022fa02d294da849953a7fb39716c856cc2c48072405d1b3d0983b6181ab30e467ae5e3cc236d9c8148e2021d5dcfa519f1d396dababcdd4bcc3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ccbd00066e384180be3eb3050e942697

SHA1
d2ef854b0a22541971d4bf511bf044514951b3ac

SHA256
af040c10c25d31c0f333edfcae1826a682a637bb064e90769fb62fbd830b8df0

SHA512
0bf880dfa8c57dec56e7b6d75fffd3b3ff946499c47b3f6880069a88a0d0264559041a09d36c9a33f76527dacb5c33ef98c80c97b19dff008eadd91cbc143ef2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
13b6631fa097a0c4a25ac511c1e6d736

SHA1
eacfe4ef107ec6208f065c0df78e161782e000eb

SHA256
c08d3df255789cef8e67ec82aa10a4f03e065a548f95e6be123d17fccb48fcbc

SHA512
7954e5c7c2504dfc60899c959246c4a3f74d750c1eed85203b0c0ffc71e2ee24f1ca2fff680259cb3365ab54ee661410cc78afeeac2ca730ab956499d0aa7db5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
873B

MD5
fc82f12e5ff63a37dc5f0c92087c008f

SHA1
4094faadde683e889ea7f0385d91cf3451eb016a

SHA256
7fcd8046490736fe8b481d6c877befebb5dc18c7467232bdf6857d613ea5eb50

SHA512
ede279663bd4b1c73ab571bd7c31dca318ff93fa07ce2df202ffb16db7fb3e5493a2a3a5468c76dc7ae8d76f28b04a41340c54fd052f765a282a9febbdc7629a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
76a74adf4e09479918625be8b7881e70

SHA1
aea38ea1e6e8c8241c91c7cf4154b766b64638c3

SHA256
a1a1a9c048a40adf9b938a676a334dddd8ea42e6010a77e1f91598b1b37b3c96

SHA512
2276a2c4a1ff9d47da35725f64205c902e9367093cb5075213f9aa91dbdd975ba7fbdf0261163b1c80b5aa94e4815f6da77739c7308b0e1ba290b48ba8c89e10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
59845055c97933c91a2de9bcb0db581c

SHA1
094576a235e9addb9f9b8f0a45fbc4e97516baee

SHA256
6bc4f3afddb417ba0ebc9d9785226228890e9277c4a4ed8c75a07de3de21903c

SHA512
7ccaf62e9b61d0496de56c7b0c8607b149f81a63bc4ce6a6cd91919341cf1ae24dd1003f8c9a29bafb4dfd133c250dbfcb2825d68a26e7defbd9eecf8285cdd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1e8e9d6de9dced38a513f067181a2e75

SHA1
dede6d4df8c64a3fe3d8b0d0140118148def3e65

SHA256
9666b8822a1a89120781a9e33e8d408d19befd2289fab8feaf26e4f746365267

SHA512
67c6b322436e183452f7fd0b19a0736f48d6f1a0655b478f30bc2e9bb6d205b47bc80b48880a949da2ab59ca3962810dfd1152b92fa34505003b15c45c90bd73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
ba7809ff62b9d23ee8e06395f653948f

SHA1
c556a47272c1965c280df18853fc9f636b2e1d68

SHA256
fccca2497ea5eeacd7b680b969d5ef43f5195855979d3b51c403f70854dab0c1

SHA512
3e2f509baccb33268b56c2370127608c8f8abc8f1a4ada3805a7a996929c5f12a501c6a3aa0d645cb9fafffc87092aeb418cf09f88495377acc77342e0d2ca67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
97d2b756206aba2aabd1297c391103da

SHA1
f3e9b299431aebb0d56123c68e69bd3a6240002f

SHA256
3786964f78ce9fd42390f572d624efdf81902abd32b66699e3257d69208dea63

SHA512
32877c0849eb1d3bd1b98f4facecbf88a5ab4b7c323e8e2791c6b9f77c1feb2f9a006cf694106234d7d19da0f54cd5985b76fe0638158f6f5c73000eed182eac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
128KB

MD5
11887e3b08844006f5897b063c12543d

SHA1
13af0e27a20b65ba877b27ab7e85171d239b33d3

SHA256
8703fcbbd344c3d6fc08b40bee74cccefc06aa75f919af4dbdbc43552fab3b12

SHA512
bdfea036b2e9ab4c2a6b3a6bc6f57eb679a61c5e03c72743ace0c98904d7962030762acd4d0c9f2a9b5cf65728d7e7aca6fd8aa1dbeeb4c7258657489f8f7f7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
6abfb911b7f5d3a1275cf7e7886ac2c5

SHA1
1a8725e9c8b9e415ba85ae1ea935fa2518b1515a

SHA256
b7dc7aa9e86e4950fcb23aaf18ea111cc2212058907e5a163555cc9f1bf028b0

SHA512
9145ea86897914bae15893b8065338d09b0699321e69ad4ee32d786974eecfdd1dcf0f583d1de8318794e7719ca50289059483e634d6760b20c77baeaf8a2bf1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
479f8a392ece9ea1c3eabaa52de6f20a

SHA1
a222033b5d620371defa70765c6c405d22a79af0

SHA256
87f339b1364d6c8aca3aec2e3a7c67018b68d6a00e9455d896e9c5f5f86d6e4c

SHA512
83a2ccdd64ea9b8d0c78129c190dae80c25af3cfaff889d4d220887c6fd57ab38480a79676b5dcb63b5c099cad4bc8c139f189678e463d89e6e5d5af3f9e76da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
102KB

MD5
9832494082dbc6a79655b189a5f1afcf

SHA1
fe133e885d985eefcedc69ed8ff8a8813e54246e

SHA256
939344e8be2ae645449130c3c0ea747cff70decc8a36a5deba020eee078d3ac8

SHA512
f7aeaa36e1646572f162bf41045193ff2a70e2aa2682ec41a87d0998b46a62b47f102d886f31d5bc05ed0ded7b9c816e5d5c5b900dd2dd924fa9906ed211699a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58195f.TMP

Filesize
100KB

MD5
c79bf4efc621bb47695e73f540a0049a

SHA1
060f0a96b5ae66d2d18f0a6edf692bcd4d725dc0

SHA256
894594d7c188c192320aa298fc9d030a0b53a158207b28a7ddf9e35eb23480aa

SHA512
085c5141960fac29535505ff3887d3fb35679c848c8d5f42241f56493a878d4db6de723c4dccf02a72f282e8aba3aea43faceed7a490b047708dd427372cf452

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\CeleryApp.exe.log

Filesize
1KB

MD5
77bad1d125b667a25700d5ca12236308

SHA1
7be394cc32923f20d0fdc033a64089a95df73472

SHA256
0c411e74012cc2a18aa55230dfda9d72dc0819e84d0ab1a68f7dd99b8b7a2738

SHA512
1b2d163265e696f3b2b12d9bfa9338fb285e1484a4e5917e865d2fcf39387f374842de215d7caced03ae3e37866a1efa1e43f4b8cc0dad139ce68a81d29fa6c5

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\Downloads\CeleryRekease.zip

Filesize
26.4MB

MD5
4bff106bb1cab9379c7bba2dcf0b5917

SHA1
33eb1d2cbcc4e5e3d28549f8cce5cf0109997fee

SHA256
a986aa2f241adf5c499f10d7cc18f1917f20c4536d9799260b12efd7e0dcf3a3

SHA512
9cb8e1c1cba8b48859123f5a48b756922294b3df9af2ce43bc05863fd8ab967f530f3e99941080c6dc8d91df0c19d5fcf60541d12d8b3fccc9b956f084354258

Download Submit
memory/1856-535-0x00007FFD29DC0000-0x00007FFD2A2BE000-memory.dmp

Filesize
5.0MB

Download
memory/1856-522-0x00007FFD29DC0000-0x00007FFD2A2BE000-memory.dmp

Filesize
5.0MB

Download
memory/2236-512-0x00007FFD29DC0000-0x00007FFD2A2BE000-memory.dmp

Filesize
5.0MB

Download
memory/2236-508-0x00007FFD29DC0000-0x00007FFD2A2BE000-memory.dmp

Filesize
5.0MB

Download
memory/2580-534-0x0000000075160000-0x0000000075910000-memory.dmp

Filesize
7.7MB

Download
memory/2580-533-0x0000000005490000-0x00000000054A0000-memory.dmp

Filesize
64KB

Download
memory/2580-532-0x0000000075160000-0x0000000075910000-memory.dmp

Filesize
7.7MB

Download
memory/3528-499-0x0000000006D30000-0x0000000006D68000-memory.dmp

Filesize
224KB

Download
memory/3528-494-0x0000000006A50000-0x0000000006A5E000-memory.dmp

Filesize
56KB

Download
memory/3528-495-0x0000000006C50000-0x0000000006CE2000-memory.dmp

Filesize
584KB

Download
memory/3528-496-0x0000000006BB0000-0x0000000006C24000-memory.dmp

Filesize
464KB

Download
memory/3528-497-0x00000000062B0000-0x00000000062C0000-memory.dmp

Filesize
64KB

Download
memory/3528-498-0x0000000006C40000-0x0000000006C48000-memory.dmp

Filesize
32KB

Download
memory/3528-493-0x0000000006AF0000-0x0000000006BAA000-memory.dmp

Filesize
744KB

Download
memory/3528-500-0x0000000006D00000-0x0000000006D0E000-memory.dmp

Filesize
56KB

Download
memory/3528-501-0x00000000750C0000-0x0000000075870000-memory.dmp

Filesize
7.7MB

Download
memory/3528-491-0x00000000750C0000-0x0000000075870000-memory.dmp

Filesize
7.7MB

Download
memory/3528-492-0x00000000062B0000-0x00000000062C0000-memory.dmp

Filesize
64KB

Download
memory/3544-509-0x0000000075160000-0x0000000075910000-memory.dmp

Filesize
7.7MB

Download
memory/3544-510-0x0000000003570000-0x0000000003580000-memory.dmp

Filesize
64KB

Download
memory/3544-511-0x0000000075160000-0x0000000075910000-memory.dmp

Filesize
7.7MB

Download
memory/4388-502-0x00007FFD29DC0000-0x00007FFD2A2BE000-memory.dmp

Filesize
5.0MB

Download
memory/4388-489-0x00007FFD29DC0000-0x00007FFD2A2BE000-memory.dmp

Filesize
5.0MB

Download
memory/4440-488-0x00000000750C0000-0x0000000075870000-memory.dmp

Filesize
7.7MB

Download
memory/4440-486-0x0000000006520000-0x0000000006E3E000-memory.dmp

Filesize
9.1MB

Download
memory/4440-485-0x0000000005BB0000-0x0000000005C00000-memory.dmp

Filesize
320KB

Download
memory/4440-484-0x00000000057A0000-0x00000000057E0000-memory.dmp

Filesize
256KB

Download
memory/4440-483-0x00000000056B0000-0x00000000056C0000-memory.dmp

Filesize
64KB

Download
memory/4440-482-0x00000000004F0000-0x0000000000DAC000-memory.dmp

Filesize
8.7MB

Download
memory/4440-481-0x00000000750C0000-0x0000000075870000-memory.dmp

Filesize
7.7MB

Download