hxxps://youtube[.]com

Resubmissions

25-05-2024 12:09

240525-pbs64saa42 6

23-05-2024 14:41

23-05-2024 13:11

23-05-2024 13:11

23-05-2024 13:03

Analysis

max time kernel
69s
max time network
72s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
25-05-2024 12:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://youtube.com

Score

6^/10

Malware Config

Signatures

Looks up external IP address via web service 1 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

147 ip-api.com
Drops file in Windows directory 1 IoCs

Processes:

luajit.exe

description ioc process

File created C:\Windows\Setup\Scripts\ErrorHandler.cmd luajit.exe
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

4856 schtasks.exe

flow	ioc
147	ip-api.com

description	ioc	process
File created	C:\Windows\Setup\Scripts\ErrorHandler.cmd	luajit.exe

pid	process
4856	schtasks.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611126034367569"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exechrome.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4018855536-2201274732-320770143-1000\{84081ED2-8D4B-4DA9-BEA8-69857C75BA1A}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs
ransomware

Processes:

NOTEPAD.EXE

pid process

3628 NOTEPAD.EXE
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

2204 chrome.exe
2204 chrome.exe

pid	process
3628	NOTEPAD.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

Processes:

chrome.exe

pid	process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exeAUDIODG.EXE

description	pid	process
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: 33	3560	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3560	AUDIODG.EXE
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe
Token: SeShutdownPrivilege	2204	chrome.exe
Token: SeCreatePagefilePrivilege	2204	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exe

pid	process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe
2204	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 2204 wrote to memory of 4276	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4276	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 4552	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2736	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 2736	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe
PID 2204 wrote to memory of 3024	2204	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://youtube.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea936ab58,0x7ffea936ab68,0x7ffea936ab78
2⤵
PID:4276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1676 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:2
2⤵
PID:4552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:8
2⤵
PID:2736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:8
2⤵
PID:3024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2984 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:1
2⤵
PID:4432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3000 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:1
2⤵
PID:532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3932 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:1
2⤵
PID:4512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4452 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:1
2⤵
PID:4996

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4660 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:8
2⤵
PID:2944

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4804 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:8
2⤵
PID:4692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3340 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:8
2⤵
- Modifies registry class
PID:4840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4988 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:1
2⤵
PID:3664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4884 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:1
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5264 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:1
2⤵
PID:4860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:8
2⤵
PID:3356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:8
2⤵
PID:2160

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3344 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:1
2⤵
PID:940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4320 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:1
2⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=3016 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:1
2⤵
PID:4572

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:8
2⤵
PID:4864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 --field-trial-handle=1904,i,320212054397432798,1892843046662415173,131072 /prefetch:8
2⤵
PID:2468

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4984

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x508
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3860

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Launcher.bat"
1⤵
PID:5000

C:\Windows\system32\cacls.exe
"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
2⤵
PID:1332

C:\Users\Admin\Desktop\luajit.exe
luajit.exe log
2⤵
- Drops file in Windows directory
PID:4944

C:\Windows\SysWOW64\schtasks.exe
schtasks /create /sc daily /st 14:24 /f /tn WindowsSetup /tr "C:/Windows/System32/oobe/Setup.exe" /rl highest
3⤵
- Creates scheduled task(s)
PID:4856

C:\Users\Admin\Desktop\luajit.exe
"C:\Users\Admin\Desktop\luajit.exe"
1⤵
PID:5432

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Desktop\Launcher.bat"
1⤵
PID:5752

C:\Windows\system32\cacls.exe
"C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
2⤵
PID:5796

C:\Users\Admin\Desktop\luajit.exe
luajit.exe log
2⤵
PID:5812

C:\Windows\System32\NOTEPAD.EXE
"C:\Windows\System32\NOTEPAD.EXE" C:\Users\Admin\Desktop\Launcher.bat
1⤵
- Opens file in notepad (likely ransom note)
PID:3628

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Scheduled Task/Job

T1053

Privilege Escalation

Scheduled Task/Job

T1053

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013
Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
e031c410eab56772ae4b23ac5e8838ca

SHA1
e8aec8e61993fd0b6f2a9d2542e0281c02c72eb3

SHA256
40574f35b27fa7c1aafd6863713e1d37c3c8a565dc4e53100d37d4a3463ae635

SHA512
b56e58d0ec60e2b17a58af154637761c1562d633b578b1e4a234667c2528c9e199ebd3c6953164e0074d6fd049cfd71208dce03614f8944e91f6cd2c1cff49f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
f21404ba932c150bac13828b09318835

SHA1
1cfa4bcbaf7c3c6b6a101a4f54e56c1d747a0173

SHA256
f1a5817fe09f92e5ddb5f637160b1d1c4f5b586d9eb61babe27ede828ff161c2

SHA512
c4af9c6ea8ea585a5ccc9edab5eca264caa04305633944e6323ffd7776a37b1befb29eed797a7d2b9fd9d09bfb68734df4d5ebd0e2da07ff0f894b712b76d66a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
fb79c36b266c16bc81cc54653463da9e

SHA1
2ad88fff522320f63c7072a251646481b1c4b6b6

SHA256
5a99eeee3e1b77c7dac11fc715f1ad754425dc993acfa8da518dc1db833550ea

SHA512
5b208cf0d10eddccefa844ca45ca4638fd70eeec2b9e39cf728d52e13b17cf6272e9e5921d61125418fa9832f7fe7cd7258b3e263a240849cab46ca3c887acef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1515c05060f67788ed969a0121c1972c

SHA1
f3f1ae196588963e63c3de60cb51c54cd6112bb2

SHA256
92dec36455af77db14c975e2952f6801267284bbf0bc215fb413297b489da028

SHA512
6123da7bff11bbf061352b065c7b6ed69e253b29dd975958e746bf4870445f3de1811fd5d07194e157d5ac6fe94e8ba21b427ffa1264b21a80c00a71328b77fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
e2b87457ba6c8f19bec8a0ad16e4b52e

SHA1
d5d840e973feed6e0841d51b112919e68068689a

SHA256
36008ee8baaff8991bbcf1b114366c4bb02010a6710a765cbcd85b779657e6b6

SHA512
35d1d3fd7414b295ee86324861cacb9f63f3eb3c825b573e86c0c09e7d09bede2a031a31d4fc84f5817aef496d9929a92a98505b6480c0905d3223f8fb3ec05a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
e7228983f17bd9a34cafa02024281d78

SHA1
88489c8ae1c78517235ae14911014549aab9b083

SHA256
839277f22041aa719b3f1cfc81de81ebc8e0d8513bd7289522c81b305ef6dcc0

SHA512
032c86ebf6e14a31cb6b91c57d7226c55cc67b7f8dd9e7aaba52dbbf2c6511be6b93db19b91067e2aa6f28bae83c666ebebae7ae680a4b43241c78f7a777e4b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
f010a3cb5f887491c56d77fd7e98f53b

SHA1
2d9d187f776c217439f9b57653f6d796922d953d

SHA256
2c3455e64fee6ff367cba3607370b35f84d5394d8124979b18c473ada98872cc

SHA512
8d2d550dcc8e9822d58fa7e13bdf8f59259edf1631b41f1ff2453998ec9added646824d9bc6fd7860c0e8106c224f32b084c6c23da0569acbebda7ff5c69d5c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad0746c7-e438-49c9-a2f0-3fabca206a02\index-dir\the-real-index
Filesize
2KB

MD5
7cc4e942880ab7eb07befcf3a45c23a1

SHA1
e2ac29c57520830d160a96c5ea7a29e1283b6932

SHA256
975039627ee6a644811ac4f22e5201f1e05c7ffd71b01b325c67a7b97a064e23

SHA512
21d88c9e85776af055d269eefd825632c7820bf4c31fe9838a6ecb7c541534e160a18bc457ddbbee8f1a35d0c9c712421dd59b6ea3f81ac24eaa175067d6c98e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\ad0746c7-e438-49c9-a2f0-3fabca206a02\index-dir\the-real-index~RFe575340.TMP
Filesize
48B

MD5
e8dd5778bd4d88047aeecb12fa050527

SHA1
14684638281376879a8f254edf89162c133f8541

SHA256
b7109a2a1557f80d2af4d2f1bc80182e129190892023685efdaa2e7b4cf6f678

SHA512
7793585e61752465cca306b5abeb8b75dbeca9007d84959a844a8267292fc639b4bb63bfc22cba4bc54fc06b33a07da767b673bab862707353361167db1af275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
176B

MD5
f90b1eb5aac086c4034a468f58aa2c27

SHA1
50e1bb9809f9ec96f0eb15266f1ba38622be2b6a

SHA256
af9ec2c078b81304ddeb0970b3d32e014c030bedc064fd1a4474272aaf0d26c9

SHA512
ec628afb0805ad3db53dba8882f9841e6409cc637f86bcaf3cb9d5a478f9eb4a6e45864dd583fdc093d34da4ec51c30c13b9a2568f7ea952cbbc5d4e79be734e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
114B

MD5
ac5019f1237cf71c702c0ac4e2c16265

SHA1
c40227d86daa5f4f9a570ab93bea683c4afe8b14

SHA256
836b0c5d6837f919f1792652066b4a25defdd820fa1fdabf18ec8e256e20c03f

SHA512
8069a5027e39215ba6b8708c7c15d9c3d06e5fa7bb24cb357199682c59e79d2a62925788a404b8eff28b93ef2a9d2a5d66b3abc348b962fc4fe846fa95032ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
112B

MD5
fdb0fa971a3e9815b21333bb46c53bd9

SHA1
b7c443ac2ce17130982f17ad4185baf77f49a15d

SHA256
ea7688a07e9d679f63d10eb21791e9542259b43118066efd4a0c15a8130c9a73

SHA512
08ae7cc31478700c70bec14923349b3efe05937e4b76a2393713ed3ae7c5ef5ca754dfde8ea2b00945a7de0a0a2c901aa175a135ab2bcae28fd626bbdbd91e11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57376b.TMP
Filesize
119B

MD5
d3727da1e22d705ea38624053dfed8af

SHA1
9d967f7e5c0143f4361164844f946939f5fa103d

SHA256
1735d7b1b3d5fef7056a58759abacbcc3a9f82d9ef1ca1d2d6a61b1b81839c77

SHA512
c7a04239efc5fe9f4ac53a7663d36a5d851801f9afd56c3762872dc663e740aaba5886934fc09f8b4a5b81701bb64bcc8ed70c46134701a23245e6d41babae5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
f62f32b655518588ee0212873875e77d

SHA1
ed898a77b8350da1d389b4a271c3c6d4b9994a7d

SHA256
9c1fea789ab07c26820b2ff0f44f8639ef7907cc5d5dfe81768f6e786e164580

SHA512
6b305f9eb61dd592a044e798861a41e990ccffef3cd9fee83da03e20ea2f659c20dc6c4253ceb32ba809359f680af95d4e637de2921e536dd7ffd2ce12b75807

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png
Filesize
673B

MD5
88dfa96f9642297ff88909ca4e0f7330

SHA1
ed8655bf13e6cc49395da4c760168c4148454b7c

SHA256
5e5eb084cf1a650b2e122f53d36f85b67ce6e39069e399a46a25dbd34f7be286

SHA512
cc2deedfeacf9f26e48cbb26e222a219905888b95634c7d91d6393b84248305ce8940816bdb3bff0f5384b9dad90f4e3905b229e06ce4b1023a1439293b240dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2204_460954734\Shortcuts Menu Icons\Monochrome\0\512.png
Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2204_460954734\Shortcuts Menu Icons\Monochrome\1\512.png
Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2204_824179428\Icons Monochrome\16.png
Filesize
216B

MD5
a4fd4f5953721f7f3a5b4bfd58922efe

SHA1
f3abed41d764efbd26bacf84c42bd8098a14c5cb

SHA256
c659d57841bb33d63f7b1334200548f207340d95e8e2ae25aac7a798a08071a3

SHA512
7fcc1ca4d6d97335e76faa65b7cfb381fb722210041bdcd3b31b0f94e15dc226eec4639547af86ae71f311f52a956dc83294c2d23f345e63b5e45e25956b2691

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
b4b90d0517bb2317743cf3bc11f68f5d

SHA1
a27bf567bffd371359a3796bfead343d9f911416

SHA256
6f995b34baba6bbf772d9c379a9c464a3126fe1736812ddcc4375639b91452e7

SHA512
e189c3157eb466596b8eb2d9a7d581610dc7d5517b96bb320ae8c1fa221eac88893426a393c12423244187f93e7521b11abd30c88ab4054f29c7802bc4449ddc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
98f31839290e15cb059d95a4cfe7a746

SHA1
406307f11008900285e203871e46194f67009770

SHA256
d3f0fd4d61ebace5adcc65e8a4c9e68754fe10c7622b1c852a56654ae936a166

SHA512
591c4fbe88954608612e58e901c9d898ac69165215ec480249df97c2e634d8cf3cb4c3b45a84f97e8e36c7024feceee34c48272859c86e68a7d1134b4362f442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
97KB

MD5
ae916d10ae72dab3465e787bf2441429

SHA1
6a75fb1f17df5ec738308cf7ab779876b52da5f4

SHA256
fc6db20474e8abd4f82d98b512fee8c5032824d17f7dbf8319b58fc9e9c7c193

SHA512
11ffd7ede424feb42e0e59ec255ee7793f6ed650155a15c4261fb9f8a69d4bccd77ed121044baf8eff22ad7c0a1af7f6a0cd86be98488b068b289bab8041b36f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57c999.TMP
Filesize
88KB

MD5
f141c57207a66b6cc38a4315450fde5c

SHA1
efa5e7a3f38418e5a62ddd846edc499d101b6953

SHA256
2e58eaf94189ced7c15586ddab26eaf7038b3e7388a605d6f12ac4404899d359

SHA512
91422c80e7e6fbd1e35a6d9f4bc2a1ad89fc37af29074c1200cf601702b3f1331fa8a6c82c438b4588c7409f841a85a9d3e16c997e739117a57d1784a27da4c3

Download Submit
C:\Users\Admin\Downloads\Solara.zip
Filesize
459KB

MD5
aae266dd3adeb883645fe988beb9f7f2

SHA1
506b4535d398c8a8d807c155d8ab0cbd5e6b6829

SHA256
00304df98f53530d2ec1f38078442f3eb70fe0ee7d915ce2268c754b126a963d

SHA512
b2081e0abb302492c7a6f80af54360a2dd38160063f4a7c736dac6e36a543d62d114bdbabe650de68b42800be44af7681473c4b38eccbe115135e0b9e8880f6c

Download Submit
\??\pipe\crashpad_2204_BGJFJOGXPQVVTQTH
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4944-697-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-683-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-646-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-647-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-644-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-643-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-642-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-641-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-640-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-651-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-717-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/4944-716-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/4944-715-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download
memory/4944-703-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-702-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-701-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-700-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-699-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-698-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-650-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-696-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-695-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-694-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-693-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-692-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-691-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-690-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-689-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-688-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-687-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-686-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-685-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-684-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-649-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-682-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-681-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-680-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-679-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-678-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-677-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-676-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-675-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-674-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-673-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-672-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-671-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-670-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-669-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-668-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-667-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-666-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-665-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-663-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-664-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-662-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-658-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-661-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-660-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-659-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-655-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-657-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-656-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-653-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-654-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-652-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-648-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-645-0x000000007F350000-0x000000007F360000-memory.dmp

Filesize
64KB

Download
memory/4944-905-0x0000000002D90000-0x0000000002D91000-memory.dmp

Filesize
4KB

Download