hxxps://drive[.]google[.]com/file/d/1-m_JuUMXABmwUlM2EEwmLDxWJBn17WTD/view

Analysis

max time kernel
242s
max time network
260s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14/05/2024, 05:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1-m_JuUMXABmwUlM2EEwmLDxWJBn17WTD/view

Score

8^/10

execution

Malware Config

Signatures

Blocklisted process makes network request 4 IoCs

flow	pid	Process
100	4480	msiexec.exe
102	4480	msiexec.exe
105	372	powershell.exe
106	372	powershell.exe

Loads dropped DLL 6 IoCs

pid	Process
644	MsiExec.exe
644	MsiExec.exe
644	MsiExec.exe
644	MsiExec.exe
644	MsiExec.exe
644	MsiExec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
2	drive.google.com
3	drive.google.com

Drops file in Windows directory 14 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\MSI9485.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI94E4.tmp	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File created	C:\Windows\Installer\e5a9135.msi	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI928D.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI936A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\e5a9139.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI9426.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIA5CD.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\e5a9135.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSI932A.tmp	msiexec.exe
File created	C:\Windows\Installer\SourceHash{2E67F7BB-C4ED-4EB2-B18A-C07C9C672006}	msiexec.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
372	powershell.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133601384750424143"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1687926120-3022217735-1146543763-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 9 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
3484	chrome.exe
3484	chrome.exe
372	powershell.exe
372	powershell.exe
372	powershell.exe
4388	msiexec.exe
4388	msiexec.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe
Token: SeShutdownPrivilege	5008	chrome.exe
Token: SeCreatePagefilePrivilege	5008	chrome.exe

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
4304	7zG.exe
4480	msiexec.exe
4480	msiexec.exe
5008	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe
5008	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5008 wrote to memory of 3812	5008	chrome.exe	72
PID 5008 wrote to memory of 3812	5008	chrome.exe	72
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 4544	5008	chrome.exe	74
PID 5008 wrote to memory of 1280	5008	chrome.exe	75
PID 5008 wrote to memory of 1280	5008	chrome.exe	75
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76
PID 5008 wrote to memory of 2012	5008	chrome.exe	76

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://drive.google.com/file/d/1-m_JuUMXABmwUlM2EEwmLDxWJBn17WTD/view
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ff8d2ae9758,0x7ff8d2ae9768,0x7ff8d2ae9778
  2⤵
  PID:3812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1516 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:2
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:8
  2⤵
  PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2032 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:8
  2⤵
  PID:2012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2928 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2936 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4508 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4596 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:8
  2⤵
  PID:1728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=5088 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:8
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3792 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:8
  2⤵
  PID:4508
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=824 --field-trial-handle=1728,i,7006651767969648643,9619345565722073742,131072 /prefetch:8
  2⤵
  PID:4028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1580

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3160

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\x64__x32__installer\" -spe -an -ai#7zMap31144:100:7zEvent3024
1⤵
- Suspicious use of FindShellTrayWindow
PID:4304

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Downloads\x64__x32__installer\x64__x32___setup\setup.msi"
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of FindShellTrayWindow
PID:4480

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
PID:4388
- C:\Windows\syswow64\MsiExec.exe
  C:\Windows\syswow64\MsiExec.exe -Embedding 06E18B50F1AB4F95926A5D163821D0FD
  2⤵
  - Loads dropped DLL
  PID:644
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    -NoProfile -Noninteractive -ExecutionPolicy Bypass -File "C:\Users\Admin\AppData\Local\Temp\pss957E.ps1" -propFile "C:\Users\Admin\AppData\Local\Temp\msi956B.txt" -scriptFile "C:\Users\Admin\AppData\Local\Temp\scr957C.ps1" -scriptArgsFile "C:\Users\Admin\AppData\Local\Temp\scr957D.txt" -propSep " :<->: " -lineSep " <<:>> " -testPrefix "_testValue."
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    PID:372

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:4092

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e5a9138.rbs

Filesize
18KB

MD5
10ba7901f4276bab9e4874dd4d0a0f7c

SHA1
8b42d47827684de3b6d02ca8f87613a5e5981502

SHA256
e94baf6207c3bb78ff83aa49804e64b4f2decd24d32e4194878448aa6c4fb73e

SHA512
a2926cb4681c5002ab948116781e2c57981f37d31b5e619586e3506ec3648c41a3c9df3a00ae7d16c19d1414109fb7cf9ec080846cc229115f9704f1f24dc826

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\357F04AD41BCF5FE18FCB69F60C6680F_E049417E5C2A0ECD64032982D0A31504

Filesize
1KB

MD5
6a0c915e0ee5ff3db84eb375030739c5

SHA1
d638ff795f2147fa4cd8cdc649013b2b4a174810

SHA256
7eadd98967b02f303690248011d482e0ba0b67a931d5baecf2ee5712298776fe

SHA512
8812953b9cbc7e4dc3246f705ecdf564ca782553cd74d1230e174cda30676f69eb213af805f7e5ba773054a89abcd25a56181b552ea32eb9cc78d3f7651000e4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
1KB

MD5
589ace9e8fa1dd726240d1bd66bfb6a0

SHA1
a6891b944a1878203e96a66d3d31cc8d608a65db

SHA256
3f1f65ba754da72f158d3923be71aac270c4cfc25cb5fca35c1afd2602ab9012

SHA512
45185f7f578bc4c403a235edd65f00d0696b2bfc91225a2f1a2b1b288e3ab1439d97304b2ad4049212c2c5410b4a90bbb7ec21a405cd9cf829fd6d54b6fda58c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\357F04AD41BCF5FE18FCB69F60C6680F_E049417E5C2A0ECD64032982D0A31504

Filesize
536B

MD5
511c441bf093d254aaa23ab6eddd7f27

SHA1
3e00a779562aa3bdbe4abdd074b6fb2788d6697d

SHA256
62ac3086377ef6bf3dd87a42db20fb3bb22c5f6f5c7e4b91d4502b3147f348ca

SHA512
0e1c3435df0779000034258684584d6613139bd706bb21eedc48324840746cff680efd9d42581340d9692f943c931496f615f5106ad9d37ae38c4c7ce0c45786

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\9CB4373A4252DE8D2212929836304EC5_1AB74AA2E3A56E1B8AD8D3FEC287554E

Filesize
536B

MD5
e0f6e9e1ab31462c84e961f03988bb73

SHA1
8df07d0235ff0a1202191f87de378d5828eed84c

SHA256
54afd6790b8f2bda26c5318bfdd4cf9f7300caa9e0cd82fbdb5d2f4076d27035

SHA512
ad19955f3473a774a2bd8cfefab664e841e77555dcbded0238d93e91c7cb62dff44591034bd7c4d3676809af68309921d2698e1c0e236a07c11d1c570b0468fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
288B

MD5
c071e4cbd6e48b7c333211b83d1e383f

SHA1
6cbe1f5b7967dd711a645efb1dd1e7bc968b32f0

SHA256
36e5855dded55e3d6599b9c148f2f2b8adcba7cabb1c6513f2184936d8e2d953

SHA512
0419c81d9bd1de125107fed8b2a6636ad38c3951489d479b5cc1fe86981fa7b8462f93cacec221300ead6bdb5bf9759c0c0f903c578cadf3387e0f964c3ef433

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fd7349687f62bf6de8c818a6ae7d6e11

SHA1
f18c0e47c9f7652a9e2e36edab0bb3635d3e8047

SHA256
14feaecaa81b8abb75e0584d88fedb6ff4bb68281d1e733e6ab7cf2946b61402

SHA512
05d3db3afa3e35d6303bd8a3cf2cac79b827db05de37f32ec97e029954a42f9020a10254559199ef6b46b3ca3c89b3a47f94701b42a356b6e2117b1932fc920c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3b48f21f310478a6e24d0cd2044007a9

SHA1
fdf2e02974f70147b0841525a369a98b156ccdb9

SHA256
175e684fce71b1ba9524337bf3a8eab8321115a949eac27d820e42207ba938ae

SHA512
ff8608ac7761a65430069e2666ad1bc44225ceb2f3b9b8e06286ede9875fe32bad487f5e7583789271a7914b8f5ea8d8f00b8ff35c1b41414fc590aba6e9557e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
fec3ec1176a7ba7c3185a520b07dfc6e

SHA1
bce76dae8a1e37e172fd21a2bda31772f6f90e1b

SHA256
0dabc3a0a1663b3ab86b092973277819e6e684f79bc1f86889cbe0884cd365f5

SHA512
587572cc7ef2971414cddec32c26454bb2bec66fa9859ec1603009438ebf05db1e8d1fd68ce639d530dc7fba5541d6abb7b22cc4d4b0b827ba35e299285c361f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
5574e6a81bca7d3b28c166e6204b6285

SHA1
23542141e25eb653d7af6875ddf21a510cecf0d4

SHA256
6f85bf707ae2998e35e36850d70b7ed1716997516653aa8c527d5e5cf16b3807

SHA512
15f250a11ef7f9db5e647cf5e3b2e47f2ac5c8172382ff22910bc2fd839a3f6bbebe6e4ac8585d1c2ee84924f2c9f832b23c0d3b0c911416165c85ba604e1911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
414bc9ff8422b1ee578059c7b190e3b9

SHA1
a29b2c4ac3c753cb3a803674ae1d13dca7c373ed

SHA256
628fdcbc599adb58e16c438d4c767300504bbd6eb4ca99903c66ee09ac29752b

SHA512
c65f5820867145c08a8920b08cd37d4f94803f67bd30a408f5adda995827f8c58b6f73e8f42580f4dbefaab3f3bb3008a0f3f99aa24ef46a3fd4dfdeed6ffc8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
0fd21c0656818a298dcbad2c555f1a9e

SHA1
982814205ebc290275ea10a7fa8b5428f860392d

SHA256
d66e1783c5e7bedd3546ca2a188b1e74c3ff3aa8b09626a6e43ae4c9e7f02c9a

SHA512
f543141bfadd1ee45295aa8d7bbe96596016484fc1f2079065a5ef569e3e00000a7425275fd7d7c829c98739d0970ad05948b07022da2418841950f498eef033

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d19c6b3a101cea30b39ca42d37f8088e

SHA1
b477928ab1a426631ccf8f1aee467c8997d43c4b

SHA256
53ede39c355b11db642f68927d5094aa496407b0767c23dd11ba5075202df054

SHA512
a0e9def0bb164fb3048d5c24ede3c62e9d6018a989c2246466cf625b5148c2959e4d7f7556ae06713f419f0cb81e7b06a96c0f1a516fe634562ccd01aa890543

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6ec289fdaf250a81ed276d20a89807c0

SHA1
8fb2c06a1a4466492901195fe594aef8d2a7a778

SHA256
4d05046ae667867decf06e151b7c46670b5425ee11c848b51f99899134c68ab9

SHA512
044d35a9a3259debd6b7e7fa77f8f180900b5c6650548e59de56fce0d805a9e6635e034e8236a239339e0e70b52ebcf2ff5674a3e53cd0d70ad6e70a500bd7c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
217376fe529be0d19c304b32f772e2d8

SHA1
535e7015ca05f2032266875215bc8100a91c2600

SHA256
2a1fde32c91d070b5040466ff7e9dabd0a9a99f6d8bc893dc44079f5b93d3fee

SHA512
2917185225547767321af441e87c690aa418c2f854eb53d6ef6cacc8a9a0dcabad1c65f61e9ca39b1a064e6b926c686d84707914d24425d2f6b26cef2a3e058b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
55fa1914a2c638b2eeb770681f651329

SHA1
53c8f20e8a5a9922d7bd1a1c07c475afeaecb9f6

SHA256
0a5792e06fdd88396da2d766b0720e5004d983837e52bf775abb149682e86e59

SHA512
204e11603e53c1c3a73a2494af25edc7116e6c7a1171629e7434479d365a0be3cdb43c9ea744dc03832eb23af84895c3c3f311577578f133eff358b2d4931e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
2d379ea19b58d37894dee54b260a0884

SHA1
272f9ffa78c8fd60bf0e651f3a43b91b560350b0

SHA256
14de721eeac0963d55537e766368ecbcc8f94c18e22f07f12efa8d490e051ad4

SHA512
310a3a2419bd30a0e673678b25a8c190b451a7844dbd23eb0fa8bc904a6c2d20c769a52d93eeea1eba94c6fd8b839d909b444e46f58845d9ecd2e14cdc4b1290

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
136KB

MD5
6e27c9d778c7dda024150bd2e006cd96

SHA1
f894944c6f7139f8162b42b8b7237191483018d1

SHA256
3f4770d6ba9cafae7491b5ad914c88b826646c3e47234eef87a448d685102118

SHA512
6be857cb398bf162e6aa622165f492d89d6aa5881df62621e57808430897f1709b011393d9991a304ebc3d87ff7468595d7cd3e627f8728807640580c1402c83

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
100KB

MD5
a26e7f572566489d9b86ce18d3c26d7b

SHA1
5e9c24fefa6b7510d748adcc5112d52d08bb7dbc

SHA256
917d5edebc467def9dd1d67f1af72703339459ac5f5f8d81137d57727306e3e5

SHA512
b1afa86f397d312524c99eb4050cb4f73152c4cd2396d7a96bafe85440df80028adfee01f409b217392e54849b21a6438ad414bcf11cef58aa5079a88a492f10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
103KB

MD5
3d9f5b12b5d148fb62aa51b21653a409

SHA1
1bfdea12938b2955aa201b600a5d2818199595ec

SHA256
14275e5e07ec400f71b4eb5f07faf11b77eda8ea3f09aade4b12c340b701098f

SHA512
356f59658430cf0ef9a51444a44b09371676d7c2545b2ec2dde7eebd1c663d175ed1af59cb9cf09fddc9f63aa03c839280f6c745b847b319ffc2f39b0283f801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe580d49.TMP

Filesize
93KB

MD5
2fbda9fe8eaaec605c6b3699e95c91f5

SHA1
2dba98657c336f572ac5b3f230b717b1f09ae541

SHA256
653975e5ee0e9c99f82d8a220fd13f9d700d9bc7213598e182e80e8cbc8942a6

SHA512
9df8f3d3d3aa77837f01d277167d678bf44f96c0ece146d1edd9f9320a8aef8272dd7406cea37a2b7e1022660a567d5ee711accfab5d8c1367ea46472a5fd889

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
7648a6c76422b148115afcfc86f0446a

SHA1
89d6823dd49a5f229ef619937991d4211e8785af

SHA256
695283edf7340cb9f2ebc4061c914f694d4c6c6785195d1b68dcafc1216e01b0

SHA512
af088765dbfe770f8ffa37bc9ebb79351289bf42dc529a68bd30b6bad72e23c382ea0d2b8435ecce01c84ad8e7b3f907e68c2b9a354aea19d4415272a97e6f05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_jojflaml.vxs.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\msi956B.txt

Filesize
54B

MD5
db420131f396adc6189eb74ccab4ef61

SHA1
f7a0653289e00ae8a37836e4bb0c484a5434f4db

SHA256
20712a091c0903c153ec0394f349e4e687fc16980c77434fab8af6c768b4de22

SHA512
8f29ec5eae268faa330bc71859bada8e36b6f53e27d819dff04451de2cb644307c80f64f71b5768906a6c5eb28e5e77f4a1b23dde01bbfa0e6b9575c4fd92f73

Download Submit
C:\Users\Admin\AppData\Local\Temp\pss957E.ps1

Filesize
6KB

MD5
30c30ef2cb47e35101d13402b5661179

SHA1
25696b2aab86a9233f19017539e2dd83b2f75d4e

SHA256
53094df6fa4e57a3265ff04bc1e970c10bcdb3d4094ad6dd610c05b7a8b79e0f

SHA512
882be2768138bb75ff7dde7d5ca4c2e024699398baacd0ce1d4619902402e054297e4f464d8cb3c22b2f35d3dabc408122c207facad64ec8014f2c54834cf458

Download Submit
C:\Users\Admin\AppData\Local\Temp\scr957C.ps1

Filesize
558B

MD5
32aaf95e81f7c25950c11c53615c753a

SHA1
603ae202e859261d2ea09ac44f84d98a44007316

SHA256
e523cdefc4d381fd0bb040f80f8ebcba9a022c7b731d1e3fba27ef0ad8643a58

SHA512
4076c6b5a77ebc5c5e02c28269cf4751644a508c9661806e7560664e9c9379c808ca8c0860e6efd4ea3c837edbcbc4b20060413012e5f446f17a44efcef517db

Download Submit
C:\Users\Admin\AppData\Roaming\Vuis Queue\AppQue\libgcrypt-20.dll

Filesize
975KB

MD5
24dac6152c216a1b7b1afef7c36e2b65

SHA1
a832467931f07b3f41772d89feb194a90be4119b

SHA256
784af4a0d287a6611d5ee4fda32e31d7b3d5afcd14bca75d2564bb9f0045b449

SHA512
b4da7fe3e32fe1dc89197ec4f0a84c1cb38ff4d872f842f4692d1520e2b39efd2d7e3b928a8e225d2504aadf72a923ed7ee7e3552988c6365b9b30358912d6ce

Download Submit
C:\Users\Admin\Downloads\x64__x32__installer.zip

Filesize
36.3MB

MD5
9e6bbfff1e770efdbe71020ff09732ae

SHA1
a38f07325cc3e2ab5d297c24365100e1f1058eff

SHA256
6555de8b241917104e0bc51ed9d4f7dbe255018568ce8973e7e6f5b180f5a19b

SHA512
792ff5dbfce1e1c414acb0e4c74964571bf24638b67b5227f2f5224f6ef3f4f89bb819bfe9e48e8fe657b0522bc44fe96b3730711297330361a5eda8503e0e9e

Download Submit
C:\Windows\Installer\MSI928D.tmp

Filesize
738KB

MD5
b158d8d605571ea47a238df5ab43dfaa

SHA1
bb91ae1f2f7142b9099e3cc285f4f5b84de568e4

SHA256
ca763693cc25d316f14a9ebad80ebf00590329550c45adb7e5205486533c2504

SHA512
56aef59c198acf2fcd0d95ea6e32ce1c706e5098a0800feff13ddb427bfb4d538de1c415a5cb5496b09a5825155e3abb1c13c8c37dc31549604bd4d63cb70591

Download Submit
C:\Windows\Installer\MSI94E4.tmp

Filesize
758KB

MD5
fb4665320c9da54598321c59cc5ed623

SHA1
89e87b3cc569edd26b5805244cfacb2f9c892bc7

SHA256
9fb3156c665211a0081b189142c1d1ab18cda601ee54d5f5d8883ecfa4177a59

SHA512
b205552a3cfbaa2202e6ef7e39e229af167b2342a7dc4a2f4cadfe4d05000966cf19e9e208e44d6bb0fd6a56f4283caeed9c13f523e5b301b87f79febb1840cf

Download Submit
C:\Windows\Installer\e5a9135.msi

Filesize
35.0MB

MD5
f21f1b608d45926927f6178511bdd579

SHA1
a1a251359d7cea7dfeb52d1314bc460144533eca

SHA256
b089485a125e744a166fc05cef1ec2ed5eeaa51b12f3b8e8d0adc73e7579cc5a

SHA512
66521db47efc6a6f82693330af0e612886e7f0f13c7737da6459c0abb937ad1cbcd1376dc9fbddd6d78af551bc38913871e2e21e48e8d5ed630377b523e8f276

Download Submit
memory/372-229-0x0000000006C40000-0x0000000006C62000-memory.dmp

Filesize
136KB

Download
memory/372-252-0x0000000008B80000-0x0000000008B9A000-memory.dmp

Filesize
104KB

Download
memory/372-257-0x0000000008EA0000-0x0000000008F34000-memory.dmp

Filesize
592KB

Download
memory/372-258-0x0000000008E00000-0x0000000008E22000-memory.dmp

Filesize
136KB

Download
memory/372-259-0x0000000009B00000-0x0000000009FFE000-memory.dmp

Filesize
5.0MB

Download
memory/372-251-0x0000000009480000-0x0000000009AF8000-memory.dmp

Filesize
6.5MB

Download
memory/372-265-0x000000000A1D0000-0x000000000A392000-memory.dmp

Filesize
1.8MB

Download
memory/372-266-0x000000000A8D0000-0x000000000ADFC000-memory.dmp

Filesize
5.2MB

Download
memory/372-235-0x0000000007CA0000-0x0000000007D16000-memory.dmp

Filesize
472KB

Download
memory/372-234-0x0000000007F70000-0x0000000007FBB000-memory.dmp

Filesize
300KB

Download
memory/372-233-0x0000000007390000-0x00000000073AC000-memory.dmp

Filesize
112KB

Download
memory/372-232-0x0000000007630000-0x0000000007980000-memory.dmp

Filesize
3.3MB

Download
memory/372-231-0x00000000075C0000-0x0000000007626000-memory.dmp

Filesize
408KB

Download
memory/372-230-0x0000000007550000-0x00000000075B6000-memory.dmp

Filesize
408KB

Download
memory/372-228-0x0000000006D40000-0x0000000007368000-memory.dmp

Filesize
6.2MB

Download
memory/372-227-0x00000000010B0000-0x00000000010E6000-memory.dmp

Filesize
216KB

Download