b31d35b62857be8f50163f0f04d7854596481d740f37a8fcbbdb6451969208a9

Analysis

max time kernel
192s
max time network
194s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
22/05/2024, 04:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

First-Time Mothers Information Pack - Copy.pptx
Size

615KB
MD5

190a9f6c7489e5b2c8090da351bfc9e3
SHA1

c75775ed7c1bc67695bf12c82f6ff89832799519
SHA256

b31d35b62857be8f50163f0f04d7854596481d740f37a8fcbbdb6451969208a9
SHA512

e40eb15a44cba107bc02c0fba2091ae09b5400ce57a5d9540aa5f808f553c310602d4844941cdfa9e8df6e1a024a82ed3b16f7e1080dad0c401a1315eede1c07
SSDEEP

12288:OzN3x6vzu087yqAt6C1EFHRUcOFeKfR04+MX/UzZkqwZgB1C71:OzNh6zu/9AtZyFHRmeKfgP1knZgXy

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	POWERPNT.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	POWERPNT.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	POWERPNT.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133608272645815312"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018855536-2201274732-320770143-1000\{2D766FFD-D2D6-4634-9AAC-581A89BB392A}	chrome.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
920	POWERPNT.EXE

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
1048	chrome.exe
1048	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
920	POWERPNT.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe
Token: SeShutdownPrivilege	4824	chrome.exe
Token: SeCreatePagefilePrivilege	4824	chrome.exe

Suspicious use of FindShellTrayWindow 27 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe
4824	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
920	POWERPNT.EXE
920	POWERPNT.EXE
920	POWERPNT.EXE
920	POWERPNT.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4824 wrote to memory of 372	4824	chrome.exe	100
PID 4824 wrote to memory of 372	4824	chrome.exe	100
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 3260	4824	chrome.exe	101
PID 4824 wrote to memory of 2828	4824	chrome.exe	102
PID 4824 wrote to memory of 2828	4824	chrome.exe	102
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103
PID 4824 wrote to memory of 4724	4824	chrome.exe	103

C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE
"C:\Program Files\Microsoft Office\Root\Office16\POWERPNT.EXE" "C:\Users\Admin\AppData\Local\Temp\First-Time Mothers Information Pack - Copy.pptx" /ou ""
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffc8c2ab58,0x7fffc8c2ab68,0x7fffc8c2ab78
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:2
  2⤵
  PID:3260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1856 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2240 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2964 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2984 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4340 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4624 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4500 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:8
  2⤵
  PID:3776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4848 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:8
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4916 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4116
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x74,0x244,0x7ff7e6deae48,0x7ff7e6deae58,0x7ff7e6deae68
    3⤵
    PID:3416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4240 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3620 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:1
  2⤵
  PID:548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2736 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:8
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=1844 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:1
  2⤵
  PID:1044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4220 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4540 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5340 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=4540 --field-trial-handle=1912,i,13532840138181988305,4061232760264770424,131072 /prefetch:1
  2⤵
  PID:4072

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
69KB

MD5
0ed8278b11742681d994e5f5b44b8d3d

SHA1
28711624d01da8dbd0aa4aad8629d5b0f703441e

SHA256
354730711c3ca9845bf98ec5dfb58a16e50984f9edcf0e8f432742326334f8a2

SHA512
d296ab1f1b418b125f09598ca6645d984a1cf67092a914956b8879d285ee35521b408363b47da195de79086e3be3ed9b1709bc8f9cd2e32d5dccb720a010bc8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
325KB

MD5
a58047728286bafc6ce249b3671503ed

SHA1
599d3a70cd3566fd9440018490f71b789cb06eb2

SHA256
dbd533c5b24f741bc19285d3cfb0d89a07bfaf4dcc142235ba7224bb2692415a

SHA512
75cb3000df8aa2adb6766517b77e26b6ada579310d5c0f436ca60c7fb3b9da9888e38287e9d8730ae82bca33d7b1a32389682ff1cd12b1d1b222ce9c0e1fd3d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040

Filesize
141KB

MD5
9281f8a69cf970f8525ef124c7a97aff

SHA1
64129eac97dd50bf53d1cb74dc7b6b7a8c05402b

SHA256
6ad3cf4e7c1b13aad5b357d5fbc6444ea67a5fac16a7c64a4cb06c755213689b

SHA512
86194130a004288e2271e815e2fcad2b640721975993d2f1f80437ec8de97a63b30958cef5d242a6b005ac755fee60f1e5f5cea63c4a66756359194ebee5d449

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
810b3c603bab7410f578e79e58344a42

SHA1
6b87b824104d14905380881886bf5d6f90ee3a08

SHA256
c06ab73a0f2597ff3f798bbbdfeb162d49fb69c2aed8ed2a35c345413d7dc829

SHA512
c5caf95e0c609f8d61f39c8826e6a197ac0e6500957b2e8aafcdeb67da79691bdcefc63d1fb05cde30265e5764e765fea09b4484bb8457ded97414e54d54d571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5cd4537a55411b1dbb3ee3d66ed37287

SHA1
07cdab85f6d27c19a86874eacb6c1b7ddc66c984

SHA256
9b1b56ca66e5dc86fee829bd44d52db1ad308bd4e3c160c685b4283767f38548

SHA512
a71783bda5a150ea07372b2508e24ce9f3e5bb8c79284ac0665bc2d7718100e669d3499c0f2085a15431a2f080672cf03736a2a3e8263d9886cd661a2df79b60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ee3c44c6796d6a231b80b105abefa855

SHA1
251d57212e7b16faa7b67fc4e97181d24a4d3842

SHA256
fd2f5bce3e06411cd11990ff1c4a7d896ed63f738b7ea8488aec9dfdbff77824

SHA512
143f01f60122f42d077ba35c13eb76d8b612dd30665d1df6178e710025fdefba0f6a7d60b0dde92bcb2bf2f3121b59cab196945f6618c7e1458a613684571a87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
a76a5ddb64b8632c28fd2a13b4867d9f

SHA1
6408cd3709745a48a8cacd46c8fa5ba3a257b43f

SHA256
2143449f1eb0d4a25dd0618ad799a0374eab87b79da59e24ba1ec9fed5ad04f3

SHA512
df7c3418279a00db0888146f6821ed8c1c983a89312694eb39c1a75a4eba0c7356dccda03d8a657c5f32038abb1e6d99a108ea4c79f30105986b8c9356161ffa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
df6c161a6d2a8606deb510b381b4d38e

SHA1
a88452b322a6f128196dd432653c891b7dac7feb

SHA256
dc12f868da41d3904a06b3dbc8d899c7f258959f38910a581bc86ada4ceee99a

SHA512
f81760b0fb366fc37e04d3bd12c19fe3e27428d65ab595fd8ee466d41e7593a95cff993758c6ed7b36e9a08c91164669afe01b01c758adca36fe6bbc6582e287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b51bcdba774d46e4052fce55c683715f

SHA1
ba613543e4ab4ab15cf74c606c46e9ed01e747fa

SHA256
3eeaf4ad531f6c861eab6d991243c9a72db80052587b92a30ebbfe8380dda586

SHA512
52c036dae46a4409c83c1b5ed3277c717a6e32c54404b82adeb544f7769ce89b1d624c43b5973d959ff8f9246071177a34a3b364df4d5bb2f8a5e7a07f9f2c5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
ecc33716ffcf12c7637de4852b1f93ea

SHA1
f95eccbc67ea64a150c76413ddca7a10c196bb41

SHA256
055a8237137fa5f2d92e7a1a19408f03de048d9fa7872b73ea6883b0aaf786dd

SHA512
2d3a0bfccd36b5c2be88e17f7a53c3790b7af60a4530a182cdedd32fa7e87e25042b7dd5e49a554a760bb3b79958b239d984ee75eedef5cf966c2e75fb6277ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d0955cf219a2be4a5ea748d47f06e4ab

SHA1
6be207a78643249c1b0cb39f44529cd02ff3e83b

SHA256
a4eff3a17f4625e0303d08bd83e6efb0c778deb888e603f0fc0e0a2cabae9fb8

SHA512
75958be774099d16cb3517a9ec7b6b04f0d850a4d4a81327465cbc0e9faf72d7f48adf6488853fa8e13925db311e27da68a9ce39635d45c9d44c48fcca267b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
1231ca4ffbc39652043399c0b8702dbc

SHA1
a01ec33d0729497a3ff7af63778c7c4e739c7a7d

SHA256
b45e2dd6ed9609a2f491f46cd530de45ac775a296055eb4801e1a11c12328ba1

SHA512
4a9b3ced7ba5cfed40d78ec14dad2eb66f1fde33be2f3dd40a7f55ebfa72d7c374aff2ae1bb04dca5412014facb6828f4e309db32c401865a22483afea351200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
358de4526d5f60e33a829439ae2b8fb6

SHA1
4b834abd9b16ec35488456b39f398dea9dfbef4d

SHA256
4c7eb177a666cec4cdf63fa0e9285a699eeab0f49c35313173a053200e0fb613

SHA512
41ff3d26beea43069aa9e29703aa7ae25e7c7fb1fefc32ff1dbbcd870f992d64ee92dbcb8fe29a1ef20fdb87294632429f58b48f634aba8ca77d062c0d4da4c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
3bd207bda7fad69aca3b530466e41d81

SHA1
ab9ea78155376f2ed5e4b37b48fb211c77274c76

SHA256
722995331acd339e79f6320ebce7d2ac21879569805e1f9fdc6c0880cdc71218

SHA512
4f10b9a6020bf70df87fb882f6675385e25267bf448a5404a6374cfea89981c3909a398aef73f9f31b47f2ec672f1e9ce873bea50dd28709a2bb11c41de93ff9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
e8f041ec997c5a3d32b3abdbd9686281

SHA1
71f410eb20f32ea1e55849dad3fcf9ca2252a92c

SHA256
8a396d512cb9c83cee63b2e03826cb3eabc4741ff00a5d60e379dc961732322a

SHA512
e253d5de363747f613a4a095ef2dd00071daa6dc037bc478675c1f9f8ad0a110a1acc83f90213c7ee8afb5bd12b96d2a02a8719d85ad1b3e7d1df1e9ed888bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
16099ae3cb89af2e93282d7243660a37

SHA1
bbddbb1f43b48bb9d4ffa2be5a28fc15b402ea09

SHA256
79f5250df8b912b6289a65cc4dc3de80be1dc5edf1d5b9235bf6d86043853965

SHA512
953a760d97df6922baac5f456c29fb8e899a02f7b45681db23846071bbd6fff0277196f5c2b913cb596a178d26d4d0e5b5d6d66148ae1d93eeb02c3ac2b063ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
51c953e70ead094cba828328869893d1

SHA1
f328e759c9073708c6d3238ca3c67579742baaab

SHA256
5dc5d059b97af65b13bbfd5ab1d4ab26912f208cff6f3eb9d3b71f0f69fa7bf4

SHA512
54e094002afbc12abd2c5ee793671099413d54c44e0d2c0c5a63f9f282c6253fed717c1d29b5ebac6c94a534212687deff1988a5da35e8beccbfe27e875c476e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
75c7340e0b0423858ae8e7a1efc3b19c

SHA1
59810b66b0e68ab9394ec35e87d240650fdb24ec

SHA256
58d2b315f5c673970597ec97df6284599e982ef88b43cc060358a0f4d1155f69

SHA512
1e55580d5bf4acc9f12aee31861bff1e9fcd48bef408aac0aa606e19cd579c84545c3dd3b9fe8599073682d9fbcdaa0d7912ef95305b2bce716af8fec60f4a33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7d1d35644551ade352585f3ff46d5e33

SHA1
5620339dfc78f33cf6c4363a038a17e908567539

SHA256
5029df9369b666dac53ba68445a9626577f6e7fe3d137d22526d4793a9e9f3fd

SHA512
d3e17a711908eeebe96e57f1fc7432eafc4e40fc46c7425d4e9cee17db7db2ba470c3d57d99f359f813a0c53070ade8d35383c20f5e39a92173e5a245a9a193f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
bad8e01b8056817dc4c29b1ae5c0919a

SHA1
23065008c7fe3820389e6348cebd42fc3e7d982d

SHA256
5cc67c7c55429d98dbc21b50177fedd79a4575aebecc4c093e98549de557fb26

SHA512
02b61ffa305657b56970e39161d3a3131cc6a091b1f963c2b9d9f9d6bb8078fc26ebcb02712f9e14cd1a296c1f54cc22393df8ed295ddcfc612c70dcad8c8bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
2bbf32539e3eec40da67a011857ff754

SHA1
3fb43b7d7d2acad9a3551f632e62d64081f12fe4

SHA256
4e7c90fc668bd46f6095aad917e4112439b030b44e9a02de9fbfde9d6558e29a

SHA512
2caf04f346749410cedf00529882dd31c6f81987a507998373297e13c3692c3ccba72ab4ad41e692ea07bc37a0326bcbe9c7ea3367cb0e85629109bfd2715fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d3c446577b4e4de3cc2764a202c50a6c

SHA1
22c40a8a52180ab50071cbc3c009fd1964fbaa8d

SHA256
b651d50349f59b3d09d2fc771d652f717cf4720ab3800b5ed55b388fd7f512a0

SHA512
daf8d8ed4eb3cb794bc1552fae730c6272f47f0e22c8dfc503747f4a6672166e0c415f09aba924461af758051ea524aabf644e7c3eba5251b255d01ecc153512

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
02254710f41bca4e96b3b5114bdb3c9d

SHA1
7dbb8004258621aa956d84a72be9efd370c6aae5

SHA256
12e2939196a4f93527367f704a345d6378328b3262133f1a96279248443e6f85

SHA512
384305640057de43e3cb8c09c5af778e289209a28386c58874409adba7eee38078a56f11b958fb1f7a6db9948e6077e429939fa15ca19d4209fe6e581b8d0a5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
b1eaa01ed0a28be764f4510cfe4921b9

SHA1
49ca00259e315a63dc13d74adbd46328624892f3

SHA256
a41e76b5eb76ac26564cd3e6a42bc9205896c5f10d9d05784ad18399393b4c30

SHA512
7baf98e8ab97e95b320d9827f4e69814ec0fc1dd9c20d962693e2c738e3a7c6354466a6fa01ca17e57e2126bfc0e210c8eaed71e71d2f898ffaff9e795b1cc74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
fca729f143c887d4d8c64d5aa96f15ff

SHA1
984bbd62f640601aa077f5593e5c253179b05b92

SHA256
90707f02ac9f6f55f451661fe166c854b9e59e21cb12e4b00379394fcc493546

SHA512
83c1f4813365832ce187d1c8f915f623f788ee33e6cf5c0e4c161d5b462cb9471eefb4b8a05021adca8573ecf4023a7cb39110d7aa649690b5f2da2f46549ab7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
e717a9314f660210e16d1904352bed5c

SHA1
611afe6511502d4d13e2be703a7b24d07c2b6b6c

SHA256
56acd7993152ba3ecc03a62c91802c4277aa55bcf3e7ab7c430905764b5d8fb5

SHA512
edb527327c6390e41d3423f17e04a156964c4a394ba4906700cded4cd7ba4d20cd8fd71d3eb06344ed5b3742c636c7937d6f44463852d0f11fcc4bb85e2e848c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
d9d0f06d998d758fe6def227628a2e31

SHA1
4a5c96307c22ebec7512b08af432ac019823f46a

SHA256
e4f4f0740ac899cd3fd5ae831d7fe9584b1b94c073c4a8929cb34ce60c491d87

SHA512
0b1a9c9ff865ea69f1b93ff0a8b9e4f58d18445062e68eaaca9e2aae9da0963f97c4fd54f5437b76583a048b4d51204899750ac68248dd79320c4d2ea5beaef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
256KB

MD5
f8fc60241c6dd40a5826d80e864a9bf3

SHA1
6195b12b2e98ff005b2ccdd5963e0ea6d46d139a

SHA256
107f7065669357feb3b0e1a3d5a2be7b2c06735642916776061fc65e098be630

SHA512
62c186de0da15cb26bd2427a12c9f9a6d11fc92f204c1a067cd2cfce5e32ee1b1d80e1c11b5411c92dcaba630ff4e1b8e7206a08d5374e0a01c4f79faa11d486

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
90KB

MD5
1a8f542b8abc0b9a8a884721b337fc0e

SHA1
412c306339811c3de8e3aaf4e7ff98072f3b9343

SHA256
4c796fb94afce146bc4cbbf72071180eeb2357611ed615ee6ea2bffb8adcbef1

SHA512
4e7d1a2ab97a8b231e85dd760d13410a51be3438d8469c07cdbe58defe564ab4d2a9201d17ec655810b6a7079a260551c50844e470d36004bf695f9767b61d9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
93KB

MD5
826dc9211d254a339c07278d3428d7fd

SHA1
772038415879513b8a61eccfb82811cac8426033

SHA256
a767508e6a00fa5019d3912d71b22fadfde5907503423b83b9784b3df316ecb5

SHA512
ccfe97e74fde7f77bd1ef76d4e8d128f2345421fe05b7efd054ef0b3f4baa0ffa846adb72ba98bf13fec4ee4bfaa6fe87be8d54f73e3604fa111373f1512a08e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe582815.TMP

Filesize
89KB

MD5
5f8f0de4b12e43b2b1faac7e8d99eb3d

SHA1
ecb58f1a20378c22f10810a682ed84aecc27110a

SHA256
158f5ce69e36fd64a7d62e3d1f0e09d27a2f5ab9ce55fa3216c66eb4146ceecc

SHA512
a2c62182b6ebb9bbda3e37f2172f9c30210bb7c8da22be35d27edba9daea6b547ff8ab4f3693673828fbf39908be3a45382898eeeb09ae4d10405e7116bf78f3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
memory/920-13-0x00007FFF95770000-0x00007FFF95780000-memory.dmp

Filesize
64KB

Download
memory/920-11-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-20-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-17-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-47-0x00007FFF980D0000-0x00007FFF980E0000-memory.dmp

Filesize
64KB

Download
memory/920-18-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-12-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-50-0x00007FFF980D0000-0x00007FFF980E0000-memory.dmp

Filesize
64KB

Download
memory/920-15-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-16-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-0-0x00007FFF980D0000-0x00007FFF980E0000-memory.dmp

Filesize
64KB

Download
memory/920-14-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-10-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-19-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-8-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-9-0x00007FFF95770000-0x00007FFF95780000-memory.dmp

Filesize
64KB

Download
memory/920-1-0x00007FFF980D0000-0x00007FFF980E0000-memory.dmp

Filesize
64KB

Download
memory/920-7-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-3-0x00007FFF980D0000-0x00007FFF980E0000-memory.dmp

Filesize
64KB

Download
memory/920-48-0x00007FFF980D0000-0x00007FFF980E0000-memory.dmp

Filesize
64KB

Download
memory/920-51-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-49-0x00007FFF980D0000-0x00007FFF980E0000-memory.dmp

Filesize
64KB

Download
memory/920-5-0x00007FFFD80ED000-0x00007FFFD80EE000-memory.dmp

Filesize
4KB

Download
memory/920-4-0x00007FFF980D0000-0x00007FFF980E0000-memory.dmp

Filesize
64KB

Download
memory/920-6-0x00007FFFD8050000-0x00007FFFD8245000-memory.dmp

Filesize
2.0MB

Download
memory/920-2-0x00007FFF980D0000-0x00007FFF980E0000-memory.dmp

Filesize
64KB

Download